Date: Thu, 13 Apr 2006 19:44:09 +0800 From: hshh <hunreal@gmail.com> To: freebsd-ipfw@freebsd.org Subject: Still ARP Spoof question. Message-ID: <9b6b59500604130444q3e4032cai907919aa77780c52@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I have some FreeBSD box, include 4.11, 6.0, 6.1-PRERELEASE. They are in the same network, and all compiled with IPFW2 support. In that network, there are another server, and not mine. I can't control them either. One day, maybe one computer was hacked, and sent my server by fake ARP packet. That's ARP Spoof, but it make a fake gateway to attack my server. dmesg can show this message like: arp: x.x.x.254 moved from 00:02:b3:52:5d:25 to 02:e0:52:14:37:4a on fxp0 x.x.x.254 is gateway of that network, and 02:e0:52:14:37:4a is MAC of real gateway. 00:02:b3:52:5d:25 is fake MAC, 00:11:22:33:44:55 was seen too. I tried to use ``arp -S x.x.x.254 02:e0:52:14:37:4a'', and not work. After some seconds, my server can't communication with gateway. I tried to use ipfw2 to deny these packet, ``deny ip from any to any MAC any 00:02:b3:52:5d:25 layer2'', not work either. Although I tune ``net.link.ether.ipfw'' from 0 to 1, still not work. What can I do? I can't touch the switch, can't touch the gateway either. Any good idea to help me?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9b6b59500604130444q3e4032cai907919aa77780c52>