From: "Andrew V. Stesin"
Subject: Re: Possible to block ARP?
To: nate@mt.sri.com (Nate Williams)
Date: Mon, 1 Jul 1996 19:57:44 +0300 (EET DST)
Cc: taob@io.org, freebsd-security@FreeBSD.ORG
Message-Id: <199607011657.TAA18740@office.elvisti.kiev.ua>
In-Reply-To: <199607011528.JAA09543@rocky.mt.sri.com> from "Nate Williams" at Jul 1, 96 09:28:42 am

# Do you have access to the machine in question? If so, you can 'add' a
# permanent fake-ARP entry on that box, which would be easier than trying
# to add a kernel hack to avoid having its ARP entry published.

What about the following: disable ARP on the firewall's ether interface,
and add permanent ARP entries _on the firewall_ for the boxes allowed to
access it?

(I guess that if some other guy inserts even a real ARP entry for the
firewall, the firewall won't be able to send him any reply. In combination
with IP filtering this should be enough?)

--
With best regards -- Andrew Stesin.
Phones/fax: +380 (44) { 244-0122, 276-0188, 271-3457, 271-3560 }

"You may delegate authority, but not responsibility."
Frank's Management Rule #1.
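The setup Andrew describes (ARP switched off on the firewall's interface, permanent entries for the boxes allowed to reach it), as an added shell example that is not part of the original thread. It emits the ifconfig(8)/arp(8) commands for a host list and checks a sample of `arp -an` output for entries that are not permanent, which on a `-arp` interface would mean the kernel is still learning addresses; the interface name `fxp0`, the host/MAC pairs and the `arp -an` sample are constructed.

```shell
#!/bin/sh
# Added example: static ARP on a FreeBSD firewall interface.
# IFACE, the host/MAC pairs and the sample arp(8) output are constructed.
IFACE=fxp0

# Allowed hosts (constructed values): IP and Ethernet address, one per line.
ALLOWED='193.125.28.129 00:00:c0:aa:bb:01
193.125.28.132 00:00:c0:aa:bb:02'

# Emit the commands a root shell would run: turn ARP off on the interface so
# the firewall neither asks for nor answers hardware addresses, then pin each
# allowed host with a permanent entry (arp -s without 'temp' is permanent).
static_arp_cmds() {
    echo "ifconfig $IFACE -arp"
    echo "$ALLOWED" | while read -r ip mac; do
        [ -n "$ip" ] && echo "arp -s $ip $mac"
    done
}

# Check arp -an output: every entry on the firewall interface must be
# permanent. A non-permanent entry means ARP is still learning addresses,
# i.e. the interface was not really switched to -arp. Prints the offending
# lines and returns 1 if any were found, 0 otherwise.
check_permanent() {
    # $1 = text of arp -an
    bad=$(printf '%s\n' "$1" | grep " on $IFACE " | grep -v ' permanent' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample of arp -an output; the second entry is a dynamically
# learned one that must not appear once ARP is disabled on the interface.
SAMPLE='? (193.125.28.129) at 00:00:c0:aa:bb:01 on fxp0 permanent [ethernet]
? (193.125.28.200) at 00:00:c0:de:ad:01 on fxp0 expires in 1190 seconds [ethernet]'

static_arp_cmds
check_permanent "$SAMPLE" || echo "non-permanent ARP entries found on $IFACE"
```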