From owner-freebsd-questions@FreeBSD.ORG Sat Jan 24 07:20:21 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD50716A4CE for ; Sat, 24 Jan 2004 07:20:20 -0800 (PST) Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id A0BAA43D5F for ; Sat, 24 Jan 2004 07:20:14 -0800 (PST) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from be-well.no-ip.com ([66.30.196.44]) by comcast.net (sccrmhc11) with ESMTP id <2004012415201401100j96ute>; Sat, 24 Jan 2004 15:20:14 +0000 Received: by be-well.no-ip.com (Postfix, from userid 1147) id CDA56F; Sat, 24 Jan 2004 10:20:13 -0500 (EST) Sender: lowell@be-well.ilk.org To: Alexey Kuzmenko References: <137240266074.20040123122339@un.kiev.ua> From: Lowell Gilbert Date: 24 Jan 2004 10:20:13 -0500 In-Reply-To: <137240266074.20040123122339@un.kiev.ua> Message-ID: <4465f1fk5u.fsf@be-well.ilk.org> Lines: 24 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-questions@freebsd.org Subject: Re: ARP poisonong. LIVE_MAC X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2004 15:20:21 -0000 Alexey Kuzmenko writes: > There is a kernel module under Linux which is called LIVE-MAC. This > module provide a sort of arp spoofing attack. It broadcasts arp > replies for restricted host causing these hosts (basically windows) not > to work in the LAN. What an incredibly ugly idea. > I'm wandering if there is something like above but for FreeBSD. I need > to disallow any host network activity from the server (FreeBSD 4.8) Surely there's a better way to implement what you're actually trying to do; like firewalling the server you don't want accessed. Even if you were going to try to do this by attacking ARP, I wouldn't mess with the real IP stack to do it. Couldn't you could get the same effect by using RARP or proxy ARP? -- Lowell Gilbert, embedded/networking software engineer, Boston area: resume/CV at http://be-well.ilk.org:8088/~lowell/resume/ username/password "public"