Date: Thu, 27 Sep 2001 11:01:12 -0600 From: Brett Glass <brett@lariat.org> To: Laurent Fabre <fabre@matranet.com> Cc: Will Andrews <will@physics.purdue.edu>, FreeBSD Security <security@FreeBSD.ORG> Subject: Re: LaBrea for BSD? Message-ID: <4.3.2.7.2.20010927105751.046e2440@localhost> In-Reply-To: <200109271500.RAA09268@malraux.matranet.com> References: <20010924162750.24311@shalmaneser.thelbane.com> <4.3.2.7.2.20010925105333.04794430@localhost> <200109261355.PAA27232@malraux.matranet.com> <200109261904.VAA21740@malraux.matranet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 09:05 AM 9/27/2001, Laurent Fabre wrote: >I thought about it yup but.... >The fact is I need to capture something lower than IP, just because >we need to monitor ARP request in order to acquire new IP addresses. Automatic acquisition of unused IPs is, IMHO, a bad idea. If you're assigning addresses via DHCP, it just plain won't work; the honeypot will acquire addresses that your DHCP server still thinks can be assigned. And since every Windows client tries to ARP its own address as it starts up (in an attempt to make sure it's not stepping on someone else), a machine that has been turned off for the night will refuse to get on the Net in the morning if its address has been claimed. I'd prefer to specify the addresses to watch, thank you.... --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20010927105751.046e2440>