Date:      Mon, 1 Jul 1996 19:57:44 +0300 (EET DST)
From:      "Andrew V. Stesin" <stesin@elvisti.kiev.ua>
To:        nate@mt.sri.com (Nate Williams)
Cc:        taob@io.org, freebsd-security@FreeBSD.ORG
Subject:   Re: Possible to block ARP?
Message-ID:  <199607011657.TAA18740@office.elvisti.kiev.ua>
In-Reply-To: <199607011528.JAA09543@rocky.mt.sri.com> from "Nate Williams" at Jul 1, 96 09:28:42 am

# Do you have access to the machine in question?  If so, you can 'add' a
# permanent fake-ARP entry on that box, which would be easier than trying
# to add a kernel hack to avoid having its ARP entry published.

	What about the following:

	disable ARP on the firewall's ether interface,
	and add permanent ARP entries _on the firewall_
	for the boxes allowed to access it?

	(I guess that if some other guy inserts even a real
	ARP entry for the firewall, the firewall won't be able
	to send him any reply. In combination with IP filtering
	this should be enough?)

-- 

	With best regards -- Andrew Stesin.

	Phones/fax:  +380 (44) { 244-0122, 276-0188, 271-3457, 271-3560 }

	"You may delegate authority, but not responsibility."
					Frank's Management Rule #1.
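
The setup proposed in this message, as an added example that is not part of the original e-mail: a dry-run script that validates an allow-list and prints the `arp -s` and `ifconfig -arp` commands for it. The interface name `ed0`, the allow-list format, the function names and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): dry run that prints the
# commands for the proposed setup; it does not change any system state.

# Constructed allow-list, "IPv4 MAC" per line. Addresses are documentation
# values chosen for illustration; the last two entries are malformed on purpose.
sample_allow_list() {
cat <<'EOF'
# admin workstation
192.0.2.10 00:00:5e:00:53:0a
192.0.2.11 00:00:5e:00:53:0b
192.0.2.300 00:00:5e:00:53:0c
192.0.2.12 00:00:5e:00:53
EOF
}

# Dotted quad with every octet in 0..255.
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Six colon-separated hex octets.
valid_mac() {
    echo "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Reads the allow-list on stdin and prints one permanent ARP entry per valid
# line, then the command that disables ARP on the interface. Entries come
# first so the allowed hosts are already pinned when ARP is switched off.
gen_static_arp() {
    iface=$1
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if valid_ip "$ip" && valid_mac "$mac" && [ -z "$rest" ]; then
            echo "arp -s $ip $mac"
        else
            echo "skipped invalid entry: $ip $mac" >&2
        fi
    done
    echo "ifconfig $iface -arp"
}

sample_allow_list | gen_static_arp ed0   # ed0 is an assumed interface name
```

Review the printed commands before running them as root on the firewall; malformed allow-list lines are reported on stderr and produce no `arp -s` entry.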


