Date: Tue, 7 Sep 1999 00:22:03 -0400 (EDT)
From: Barrett Richardson <barrett@phoenix.aye.net>
To: Bartek Siebab <bsiebab@rubikon.net.pl>
Cc: FreeBSD ISP <freebsd-isp@FreeBSD.org>
Subject: Re: Really static arp?
Message-ID: <Pine.BSF.4.01.9909070010240.25986-100000@phoenix.aye.net>
In-Reply-To: <001201bef890$f98e8a80$c805a0d4@stonehenge>

On Mon, 6 Sep 1999, Bartek Siebab wrote:

> Hi!
>
> I have many malicious users in my LAN. Many of them have
> access disabled to our certain services, but if they change
> their ip address we can't filter them by ip.
>
> User can change ip but his MAC address is static, but
> arp -S isn't a solution, because when user has new ip
> arp adds it to cache and after arp -a we have a few entries
> for ip with a few MAC addresses, so traffic is passed from
> this ip (currently and temporarily not used by other user)!
>
> How to disable arp from doing this?
> How to set up arp table really static?
> Maybe there are any solutions for ipfw based on MAC?

You could use 'arp -S' to publish arp entries for the whole block
of addresses that the lan could use. Associate the arp entry for
an assigned ip to a particular MAC address only, and associate
all unassigned ip addresses to the MAC address of the FreeBSD
box -- or could assign unused ip addresses as aliases to FreeBSD box.
That should hamper their network capabilities if they change addresses.

-
Barrett

>
> --
> Bartek Siebab bs@vt.pl
> bsiebab@rubikon.net.pl
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
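
The approach suggested in the reply above, as an added example that is not part of the original message: a dry-run generator that prints one `arp -S ... pub` command per address in the block, with assigned addresses pinned to their registered MAC and all others pinned to the FreeBSD box. The address range, the MAC addresses and the `gen_arp_cmds` helper are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample data (not from the original post):
# one "assigned-ip registered-mac" pair per line.
ASSIGNED='192.0.2.10 02:00:00:00:00:10
192.0.2.11 02:00:00:00:00:11'

# gen_arp_cmds PREFIX FIRST LAST BOX_IP BOX_MAC   (hypothetical helper)
# Prints an "arp -S <ip> <mac> pub" command for each host PREFIX.FIRST..LAST.
# Assigned addresses keep their registered MAC; every unassigned address is
# tied to BOX_MAC, so a client that moves to a free address finds it claimed.
# BOX_IP is skipped because the box already answers ARP for its own address.
gen_arp_cmds() {
    prefix=$1 host=$2 last=$3 box_ip=$4 box_mac=$5
    while [ "$host" -le "$last" ]; do
        ip="$prefix.$host"
        host=$((host + 1))
        if [ "$ip" = "$box_ip" ]; then
            continue
        fi
        # Look up the registered MAC for this address, if there is one.
        mac=$(printf '%s\n' "$ASSIGNED" |
            awk -v ip="$ip" '$1 == ip { print tolower($2); exit }')
        if [ -z "$mac" ]; then
            mac=$box_mac
        fi
        # Refuse to emit a command for a malformed MAC address.
        if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "bad MAC for $ip: $mac" >&2
            return 1
        fi
        printf 'arp -S %s %s pub\n' "$ip" "$mac"
    done
}

# Dry run: print the commands for review before applying them as root.
gen_arp_cmds 192.0.2 1 254 192.0.2.1 02:00:00:00:00:01
```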