Date: Sat, 21 Apr 2001 20:02:08 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: freebsd-security@freebsd.org Subject: Re: static arp values Message-ID: <20010421200208.X20830@speedy.gsinet> In-Reply-To: <Pine.GSO.4.21.0104201903300.26618-100000@helios>; from t98pth@student.bth.se on Fri, Apr 20, 2001 at 07:13:14PM %2B0200 References: <Pine.GSO.4.21.0104201903300.26618-100000@helios>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 20, 2001 at 19:13 +0200, P=E4r Thoren wrote:
>=20
> Is it possible to make a arptable entry static? For example the
> arp adress of my gateway. So that man-in-the-middle attack can
> be prevented.
See PR conf/23063 with the "[PATCH] for static ARP tables in
rc.network" synopsis. It allows you to do everything statically
or just "seed" your table on bootup and still have the kernel
learn new entries.
There's been a short thread in the -security list around the time
of the PR's submission discussing that this is not a very clean
and reliable method of preventing attacks but mostly gives "warm
fuzzies" for those of us who like static configuration. :)
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--=20
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010421200208.X20830>