From: Sten Daniel Sørsdal
Date: Thu, 11 Aug 2005 02:24:57 +0200
To: Steve Langdon
Cc: freebsd-net@freebsd.org
Subject: Re: Stranges with ARP
Message-ID: <42FA9AD9.1070901@wm-access.no>

Steve Langdon wrote:
> Sten, thanks for helping me.
>
> Another question: ``route -blackhole' is the same thing like ``arp -S [IP] 00:00:00:00:00'? So packet will ignore on router. Or not?

-blackhole would drop any packets matching that route. That is, it drops packets coming from say the internet going to the user in question. It will not block packets coming from the user and going to the internet. This would open up for the possibility of flooding attacks from the user.

Perhaps a better solution would be to use address lists in ipfw or pf and drop all traffic to and from a particular IP address. ipfw can also filter on MAC addresses, which could help a potential IP stealing issue without the hazards of using static ARP.

Just a thought.

-- 
Sten Daniel Sørsdal
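
The following sketch is an added example, not part of the original message: it prints (without running) ipfw commands that drop traffic in both directions for a listed address and that tie an IP address to one source MAC. The table number, rule numbers, function names and the 192.0.2.x addresses are assumptions chosen for illustration, and the MAC rule assumes `net.link.ether.ipfw=1` so that ipfw sees layer2 frames.

```shell
#!/bin/sh
# Added example: generate ipfw commands for review before loading them.
# Assumed values (not from the thread): table 10, rule numbers 1000-1100,
# documentation addresses 192.0.2.10 and 192.0.2.20.
TABLE=10

# Shape checks only: dotted quad, and six colon-separated hex pairs.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Two rules cover both directions, which a blackhole route does not:
# traffic from listed hosts and traffic to them are both dropped.
emit_table_rules() {
    echo "ipfw add 1000 deny ip from 'table($TABLE)' to any"
    echo "ipfw add 1010 deny ip from any to 'table($TABLE)'"
}

# Add one address to the blocked table.
emit_block() {
    valid_ip "$1" || { echo "bad ip: $1" >&2; return 1; }
    echo "ipfw table $TABLE add $1"
}

# Drop inbound frames that use IP $1 with any source MAC other than $2.
# ipfw's MAC option takes the destination first, then the source.
emit_bind() {
    if ! valid_ip "$1" || ! valid_mac "$2"; then
        echo "bad binding: $1 $2" >&2
        return 1
    fi
    echo "ipfw add 1100 deny ip from $1 to any not MAC any $2 layer2 in"
}

# Constructed sample input.
emit_table_rules
emit_block 192.0.2.10
emit_bind 192.0.2.20 00:11:22:33:44:55
```
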