Date: Mon, 1 Jul 1996 19:57:44 +0300 (EET DST)
From: "Andrew V. Stesin" <stesin@elvisti.kiev.ua>
To: nate@mt.sri.com (Nate Williams)
Cc: taob@io.org, freebsd-security@FreeBSD.ORG
Subject: Re: Possible to block ARP?
Message-ID: <199607011657.TAA18740@office.elvisti.kiev.ua>
In-Reply-To: <199607011528.JAA09543@rocky.mt.sri.com> from "Nate Williams" at Jul 1, 96 09:28:42 am

# Do you have access to the machine in question? If so, you can 'add' a
# permanent fake-ARP entry on that box, which would be easier than trying
# to add a kernel hack to avoid having its ARP entry published.

What about the following: disable ARP on the firewall's ether
interface, and add permanent ARP entries _on the firewall_
for the boxes allowed to access it?

(I guess that if some other guy will insert even a real
ARP entry for the firewall, the firewall won't be able
to send him any reply. In combination with IP filtering
this should be enough?)

--
With best regards -- Andrew Stesin.

Phones/fax: +380 (44) { 244-0122, 276-0188, 271-3457, 271-3560 }

"You may delegate authority, but not responsibility."
                                Frank's Management Rule #1.
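
The setup proposed in this message, as an added example that is not part of the original post: a script that turns an allowlist of IP/MAC pairs into the `arp -s` and `ifconfig -arp` commands to review before applying them on the firewall. The interface name `ed0`, the address pairs, the helper names and the choice to disable ARP last are assumptions of this example.

```sh
#!/bin/sh
# Added example: prints the commands, does not run them.
# ed0 and all address pairs below are constructed placeholders.

valid_ip() {    # dotted quad, each octet 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_mac() {   # six colon-separated hex octets
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

# Reads "IP MAC" lines on stdin ('#' comments and blank lines allowed).
# Emits one "arp -s" per allowed host, then "ifconfig IFACE -arp" last, so
# ARP is switched off only after every permanent entry exists. Any invalid
# line aborts the whole plan: a typo must not leave an allowed host without
# an entry once the interface stops resolving addresses.
static_arp_plan() {
    iface=$1 plan='' rc=0
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if valid_ip "$ip" && valid_mac "$mac" && [ -z "$rest" ]; then
            plan="${plan}arp -s $ip $mac
"
        else
            echo "invalid entry: $ip $mac $rest" >&2; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1
    printf '%sifconfig %s -arp\n' "$plan" "$iface"
}

static_arp_plan ed0 <<'EOF'
# hosts allowed to reach the firewall (constructed)
192.0.2.10 00:00:5e:00:53:0a
192.0.2.11 00:00:5e:00:53:0b
EOF
```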