From owner-freebsd-questions Tue May 19 15:27:22 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id PAA03115
    for freebsd-questions-outgoing; Tue, 19 May 1998 15:27:22 -0700 (PDT)
    (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA03070
    for ; Tue, 19 May 1998 15:27:09 -0700 (PDT)
    (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
    by gdi.uoregon.edu (8.8.8/8.8.8) with SMTP id PAA11971;
    Tue, 19 May 1998 15:27:03 -0700 (PDT)
    (envelope-from dwhite@gdi.uoregon.edu)
Date: Tue, 19 May 1998 15:27:03 -0700 (PDT)
From: Doug White
Reply-To: Doug White
To: Karl Pielorz
cc: questions@FreeBSD.ORG
Subject: Re: ARP's - Overriden even if marked 'permanent'?
In-Reply-To: <35614547.1B4DCAC7@tdx.co.uk>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 19 May 1998, Karl Pielorz wrote:

> Doug White wrote:
>
> > I don't think so. ARP is sort of arbitrary anyway, if it gets new
> > information it'll overwrite it. It's `permanent' in the sense that it
> > won't expire it from the ARP cache and do ARP queries.
>
> Hmmm, so it's doing my security no good whatsoever - as even if I do mark
> the stuff permanent it will get overwritten...

Exactly my point. Permanent doesn't include overwriting/updating with more
current info, it just keeps the entry from being expired & deleted.

> This kinda looks as if it's true - as if I set the arp's manually on my
> Cisco router - it _doesn't_ overwrite them (i.e. if I change a network card
> in a machine it can't talk to the Cisco)...

> Is there any way of using IPFW to block incoming ARP's for addresses I've
> marked permanent (assuming I know the IP addresses in advance)?

Any reason you don't want the arp entry to get eaten? The assumption being
that if someone changes the NIC in their machine, your machine will notice
any ARP requests for the MAC and any responses and update itself.

If two people are gobbling one IP then your BSD box will make a syslog note
when an ARP request gets two replies.

Doug White                               | University of Oregon
Internet: dwhite@resnet.uoregon.edu      | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite     | Computer Science Major

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
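
Added example (not part of the original message, and not FreeBSD's own code): since a `permanent' entry can still be replaced, one way to notice it is to compare a saved `arp -an` listing against the addresses you pinned. The `arp -an` line layout, the pin-file format and the function names are assumptions; the sample addresses are constructed.

```sh
#!/bin/sh
# check_arp_pins PINFILE ARPFILE
#   PINFILE: "IP MAC" per line, '#' comments allowed (hypothetical format)
#   ARPFILE: saved output of `arp -an`, assumed to look like
#            ? (192.0.2.1) at 00:a0:c9:00:00:01 on fxp0 permanent [ethernet]
# Prints DRIFT / NOTPERM / MISSING lines and returns 1 if any pin is violated.
check_arp_pins() {
    awk '
        BEGIN { bad = 0 }
        NR == FNR {                      # first file: the pinned table
            if (NF >= 2 && $1 !~ /^#/) pin[$1] = tolower($2)
            next
        }
        {                                # second file: the ARP cache listing
            ip = $2; gsub(/[()]/, "", ip)
            if (!(ip in pin)) next       # only pinned addresses matter here
            seen[ip] = 1
            mac = tolower($4)
            if (mac != pin[ip]) {        # entry was overwritten
                printf "DRIFT %s pinned=%s cache=%s\n", ip, pin[ip], mac
                bad = 1
            } else if ($0 !~ / permanent/) {
                printf "NOTPERM %s %s\n", ip, mac
                bad = 1
            }
        }
        END {
            for (ip in pin) if (!(ip in seen)) {
                printf "MISSING %s pinned=%s\n", ip, pin[ip]; bad = 1
            }
            exit bad
        }
    ' "$1" "$2"
}

# Constructed sample data: documentation addresses, made-up MACs.
demo_arp_check() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/pins" <<'EOF'
# ip        mac
192.0.2.1   00:a0:c9:00:00:01
192.0.2.10  00:a0:c9:00:00:0a
192.0.2.20  00:a0:c9:00:00:14
EOF
    cat > "$tmp/arp" <<'EOF'
? (192.0.2.1) at 00:a0:c9:00:00:01 on fxp0 permanent [ethernet]
? (192.0.2.10) at 00:10:4b:aa:bb:cc on fxp0 permanent [ethernet]
? (192.0.2.99) at 00:10:4b:dd:ee:ff on fxp0 [ethernet]
EOF
    status=0; check_arp_pins "$tmp/pins" "$tmp/arp" || status=$?
    rm -rf "$tmp"; return $status
}
```

Run from cron against fresh `arp -an` output, a non-zero exit status is the signal that a pinned address no longer maps to the MAC you recorded.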