Bugtraq mailing list archives
Re: Redir games with ARP and ICMP
From: neil.long () MATERIALS OXFORD AC UK (Neil J Long)
Date: Wed, 24 Sep 1997 09:12:28 +0100
On Sep 23, 6:36pm, Olaf Seibert wrote:
Subject: Re: Redir games with ARP and ICMP

John Goerzen wrote:

Having anticipated such a problem already (in our environment, there are many lab machines which have NFS access to user disks on a server. These machines may even be turned OFF which makes it easy for a spoofer to get in.), I wrote a short Perl script designed to be run from the system startup file. Basically, it "primes" the ARP cache on Linux with the IP and MAC addresses of known machines, setting a flag so that they are never removed from the cache and can never be changed. The config file format is simple -- IP address followed by MAC address, separated by whitespace. Pound at the beginning of a line indicates comment.

This has only been tested on Linux -- people on other platforms may need to adjust the parameters to arp in the system call.

Some systems (notably BSD variants) have the arp -f option:

-f      Causes the file filename to be read and multiple entries to be set in the ARP tables. Entries in the file should be of the form

        hostname ether_addr [temp] [pub]

        with argument meanings as given above.

-Olaf.
--
___ Olaf 'Rhialto' Seibert      D787B44DFC896063 4CBB95A5BD1DAA96
\X/ It's not easy having a good time    rhialto () polder ubc kun nl

-- End of excerpt from Olaf Seibert

Please note Yuri's original posting - unless you use the '-arp' option with ifconfig these "permanent" settings will get replaced! Also even with -arp any host that has not had the etheraddress set using arp -f or arp -s will be added to the arp cache.

This is what I found with IRIX 6.2, HP-UX or FreeBSD and I would be surprised if any other OS was very different - the "permanent" flag stays set but the etheraddress will change unless -arp has been used.

Easy to test by setting a nonsense ether for a host with arp -s and then sending a ping, comparing the arp cache before and after. Nothing appears in logfiles unless you have something monitoring arps such as arpwatch.

Neil
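
Added example, not part of the original post or of John Goerzen's Perl script: a Python audit of the failure mode described above, comparing a pinned table in the thread's "IP address, MAC address, # comments" format against an ARP cache snapshot. The sample addresses and the snapshot are constructed; the Linux /proc/net/arp column layout and the 0x04 permanent-flag bit are assumptions about the host being checked.

```python
ATF_PERM = 0x04  # assumption: Linux flag bit marking a permanent (static) entry
# Constructed sample data: documentation IP range, made-up MAC addresses.
PINNED = """\
# IP address    MAC address
192.0.2.10   00:00:5e:00:53:0a
192.0.2.11   00:00:5e:00:53:0b
192.0.2.12   00:00:5e:00:53:0c
"""
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.10       0x1         0x6         00:00:5e:00:53:0a     *        eth0
192.0.2.11       0x1         0x6         00:00:5e:00:53:ff     *        eth0
192.0.2.12       0x1         0x2         00:00:5e:00:53:0c     *        eth0
192.0.2.99       0x1         0x2         00:00:5e:00:53:63     *        eth0
"""

def parse_pinned(text):
    """Config format from the thread: IP then MAC, whitespace separated, # comments."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            pinned[fields[0]] = fields[1].lower()
    return pinned

def parse_arp_table(text):
    """Return {ip: (mac, flags)} from /proc/net/arp style text, skipping the header."""
    table = {}
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 4:
            table[f[0]] = (f[3].lower(), int(f[2], 16))
    return table

def audit(pinned, table):
    """List (ip, problem) pairs; cache entries that are not pinned are 'learned'."""
    findings = []
    for ip, want in sorted(pinned.items()):
        entry = table.get(ip)
        if entry is None:
            findings.append((ip, "missing"))
        elif entry[0] != want:  # can happen with the permanent flag still set
            findings.append((ip, "mac-changed"))
        elif not entry[1] & ATF_PERM:
            findings.append((ip, "not-permanent"))
    findings += [(ip, "learned") for ip in sorted(table) if ip not in pinned]
    return findings

if __name__ == "__main__":
    print(audit(parse_pinned(PINNED), parse_arp_table(ARP_TABLE)))
```

Run before and after the ping test, a "mac-changed" finding on an entry whose flags still read 0x6 is the replaced-but-still-"permanent" case.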