From owner-freebsd-security  Sat Apr 21 12:16:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (pop.gmx.net [194.221.183.20])
	by hub.freebsd.org (Postfix) with SMTP id 4DBCA37B422
	for <freebsd-security@freebsd.org>; Sat, 21 Apr 2001 12:16:13 -0700 (PDT)
	(envelope-from Gerhard.Sittig@gmx.net)
Received: (qmail 27793 invoked by uid 0); 21 Apr 2001 19:16:11 -0000
Received: from pd9508867.dip.t-dialin.net (HELO speedy.gsinet) (217.80.136.103)
  by mail.gmx.net (mp005-rz3) with SMTP; 21 Apr 2001 19:16:11 -0000
Received: (from sittig@localhost)
	by speedy.gsinet (8.8.8/8.8.8) id UAA18331
	for freebsd-security@freebsd.org; Sat, 21 Apr 2001 20:02:09 +0200
Date: Sat, 21 Apr 2001 20:02:08 +0200
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: freebsd-security@freebsd.org
Subject: Re: static arp values
Message-ID: <20010421200208.X20830@speedy.gsinet>
Mail-Followup-To: freebsd-security@freebsd.org
References: <Pine.GSO.4.21.0104201903300.26618-100000@helios>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.GSO.4.21.0104201903300.26618-100000@helios>; from t98pth@student.bth.se on Fri, Apr 20, 2001 at 07:13:14PM +0200
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Apr 20, 2001 at 19:13 +0200, P=E4r Thoren wrote:
>=20
> Is it possible to make a arptable entry static? For example the
> arp adress of my gateway. So that man-in-the-middle attack can
> be prevented.

See PR conf/23063 with the "[PATCH] for static ARP tables in
rc.network" synopsis.  It allows you to do everything statically
or just "seed" your table on bootup and still have the kernel
learn new entries.

There's been a short thread in the -security list around the time
of the PR's submission discussing that this is not a very clean
and reliable method of preventing attacks but mostly gives "warm
fuzzies" for those of us who like static configuration. :)


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--=20
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message