Date: Thu, 11 Aug 2005 02:24:57 +0200
From: Sten Daniel Sørsdal <lists@wm-access.no>
To: Steve Langdon <steve.langdon@mail.ru>
Cc: freebsd-net@freebsd.org
Subject: Re: Stranges with ARP
Message-ID: <42FA9AD9.1070901@wm-access.no>
In-Reply-To: <E1E2qwz-0005um-00.steve-langdon-mail-ru@f31.mail.ru>
References: <E1E2qwz-0005um-00.steve-langdon-mail-ru@f31.mail.ru>

Steve Langdon wrote:
> Sten, thanks for helping me.
>
> Another question: ``route -blackhole' is the same thing like ``arp -S [IP] 00:00:00:00:00'? So packet will ignore on router. Or not?
>

-blackhole would drop any packets matching that route. That is, it drops packets coming from say the internet going to the user in question. It will not block packets coming from the user and going to the internet. This would open up for the possibility of flooding attacks from the user.

Perhaps a better solution would be to use address lists in ipfw or pf and drop all traffic to and from a particular ip address. ipfw can also filter on mac addresses, which could help a potential ip stealing issue without the hazards of using static arp.

Just a thought.

-- 
Sten Daniel Sørsdal
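
The ipfw approach suggested in the message above, sketched as an added example that is not part of the original e-mail or thread. It only prints the ipfw commands (a dry run); the table number, rule numbers, interface name and addresses are constructed sample values, and it assumes a ruleset that otherwise permits traffic.

```shell
#!/bin/sh
# Added example: each function prints ipfw commands instead of running them,
# so the output can be reviewed first and then piped to sh as root on the router.

# Drop traffic in BOTH directions for every listed address.
# usage: block_hosts <table-number> <first-rule-number> <ip>...
block_hosts() {
    table=$1; rule=$2; shift 2
    for ip in "$@"; do
        echo "ipfw table $table add $ip"
    done
    # Traffic FROM the blocked host: the direction a blackhole route leaves open.
    echo "ipfw add $rule deny ip from 'table($table)' to any"
    # Traffic TO the blocked host: the direction a blackhole route already covers.
    echo "ipfw add $((rule + 1)) deny ip from any to 'table($table)'"
}

# Accept an IP on an interface only when it arrives from the expected MAC,
# as an alternative to a static ARP entry.
# usage: bind_ip_to_mac <first-rule-number> <interface> <ip> <mac>
bind_ip_to_mac() {
    rule=$1; ifc=$2; ip=$3; mac=$4
    # Layer-2 frames reach ipfw only when this sysctl is enabled.
    echo "sysctl net.link.ether.ipfw=1"
    # MAC takes <dst-mac> <src-mac>; "any" leaves the destination unconstrained.
    echo "ipfw add $rule allow ip from $ip to any MAC any $mac layer2 in via $ifc"
    # Same source IP from any other MAC on that interface is dropped.
    echo "ipfw add $((rule + 1)) deny ip from $ip to any layer2 in via $ifc"
}

# Constructed sample invocations (documentation addresses, placeholder MAC):
#   block_hosts 1 100 192.0.2.10 192.0.2.11
#   bind_ip_to_mac 200 em1 192.0.2.20 00:11:22:33:44:55
```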