From owner-freebsd-security Mon Mar 2 08:33:45 1998
Message-Id: <3.0.5.32.19980302183121.0085b330@mail.adm.lv>
Date: Mon, 02 Mar 1998 18:31:21 +0200
To: freebsd-security@FreeBSD.ORG
From: Raimonds Treimanis
Subject: ARP

Hello!

Can anybody explain to me - is it possible to disable dynamic ARP discovery on a FreeBSD box? I just want that box to accept connections from certain known boxes on the LAN and disable any possibility to fake an IP address.

So, I'm ifconfig'ing the ethernet device with the -arp option, which, as written in man, should disable use of ARP, and reading MAC addresses of some listed hosts with 'arp -f somefile'.

Unfortunately it seems that if a host is not listed in the ARP tables, the system looks up its address anyway. The only way to avoid it was to write some nonexistent MAC address for those IP addresses, and it worked while I was trying to connect FROM that FreeBSD box. But if the connection was initiated from that other host, FreeBSD with great pleasure accepted the new MAC address for that host, deleting the old value in the ARP table without any problems, despite all MANs and DOCs :(

With best wishes,
Raimonds Treimanis.
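
The message above describes pinned entries loaded with 'arp -f' being replaced in the ARP table. The following is an added example, not part of the original message: a check that compares a pinned list against ARP table text and reports entries that changed or were never pinned. It assumes the pinned file lists numeric IP addresses and that the table text has the shape of `arp -an` output; the function name `arp_drift` and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ARP table entries that differ from the pinned list.
# Assumes the pinned file uses numeric IPs in `arp -f` format: "host ether_addr".
arp_drift() {   # hypothetical helper; usage: arp_drift PINNED_FILE ARP_TABLE_FILE
    awk '
    # Pad each octet so 0:a0:c9:1:2:3 and 00:A0:C9:01:02:03 compare equal.
    function norm(mac,   n, o, i, oct, out) {
        n = split(tolower(mac), o, ":")
        if (n != 6) return ""
        for (i = 1; i <= 6; i++) {
            if (o[i] !~ /^[0-9a-f][0-9a-f]?$/) return ""
            oct = (length(o[i]) == 1 ? "0" : "") o[i]
            out = (i == 1) ? oct : out ":" oct
        }
        return out
    }
    # First file: pinned pairs; comments and blank lines are skipped.
    FILENAME == ARGV[1] {
        if ($0 ~ /^[ \t]*#/ || NF == 0) next
        m = norm($2)
        if (m == "") { print "BADPIN " $1; bad = 1 } else pin[$1] = m
        next
    }
    # Second file: lines such as "? (192.0.2.10) at 0:a0:c9:1:2:3 on ed0 ..."
    $3 == "at" {
        ip = $2; gsub(/[()]/, "", ip)
        m = norm($4)
        if (m == "") next                 # "(incomplete)" has no MAC to compare
        if (!(ip in pin)) { print "UNPINNED " ip " " m; bad = 1 }
        else if (pin[ip] != m) { print "CHANGED " ip " " pin[ip] " -> " m; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data (not taken from the original message).
demo_dir=$(mktemp -d)
cat > "$demo_dir/pinned" <<'EOF'
# host      ether_addr
192.0.2.10  00:a0:c9:01:02:03
192.0.2.11  00:a0:c9:0a:0b:0c
EOF
cat > "$demo_dir/table" <<'EOF'
? (192.0.2.10) at 0:a0:c9:1:2:3 on ed0 permanent [ethernet]
? (192.0.2.11) at 0:60:8:de:ad:1 on ed0 [ethernet]
? (192.0.2.12) at 0:60:8:de:ad:2 on ed0 [ethernet]
? (192.0.2.13) at (incomplete) on ed0 [ethernet]
EOF
arp_drift "$demo_dir/pinned" "$demo_dir/table" || echo "drift detected"
```

On a live host the second argument would be a file holding saved `arp -an` output; the function returns non-zero when any entry is CHANGED, UNPINNED or BADPIN, so it can gate a cron alert.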