08-17-2009
The Goal
I'm able to analize every field of the ARP frame that i capture, but not to avoid the malicious frame to take effect over the cache because i can't stop the kernel.
So, how can i do that? how could i check the frame and if it's a valid one THEN apply it to the cache, just before the kernel does it?
I have no room to speak here, and will most likely get bashed to death.
However, what the goal here seems to be is: Intercept packets before they get to the cache, qualify them as malicous or non-malicious.
So wouldn't a good firewall do this??
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
hi,
What is the difference between UBC cache and Metadata cache ? where can i find UBC cache Hits and Metadata cache Hits in hp-ux?
Advanced thanx for the help. (2 Replies)
Discussion started by: sushaga
2 Replies
2. Solaris
Dear all,
We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down it's services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update... (7 Replies)
Discussion started by: earlysame55
7 Replies
3. IP Networking
how can we spoof ethernet by ARP cache poisoning on unix through a program...
can anyone post the source code to achieve this... (1 Reply)
Discussion started by: ud4u
1 Replies
4. Linux
Hi all
I am trying to understand the kernel memory management and require assistance in this regard. Kernel first creates the cache memory to perform any subsequent allocation to processes. I could not figure out how it is accomplished. Do kernel directly allocates any hardware cache or allocates... (0 Replies)
Discussion started by: joshighanshyam
0 Replies
5. Linux
Hi all
I saw in Microsoft web site www.SysInternals.com a tool called CoreInfo from able to print out on screen the size of the Data and Instruction caches of your processor, the Locigal to Physical Processor mapping, the number of the CPU sockets. etc..
Do you know if in Linux is available a... (2 Replies)
Discussion started by: manustone
2 Replies
6. UNIX for Advanced & Expert Users
18:45:47 # free -m
total used free shared buffers cached
Mem: 96679 95909 770 0 1530 19550
-/+ buffers/cache: 74828 21851
Swap: 12287 652 11635
Hi all. The below output is from a RHEL 4.5... (0 Replies)
Discussion started by: drummerrob
0 Replies
7. Linux
Hi All,
could any one point out any open source test-suites for "File cache" testing and as well as performance test suites for the same. Currently my system is up with Linux/ext4.
Regards
Manish (0 Replies)
Discussion started by: hmanish
0 Replies
8. Linux
Hi,
We are working on OEL5.7 (Oracle Linux) OS. We have a server with 64GB RAM. When we issue free -m command which shows the used, available and cached space. Most of the space is shown in cached section, where as we are not really doing much activity on the server.
It's like cached is... (5 Replies)
Discussion started by: shrshah64
5 Replies
9. Linux
Hi,
Can any one please help me increase the arp stale time of an ipv6 interface on linux platform ?
I have tried increasing the variable gc_stale_time but that doesnt work.
Thanks (2 Replies)
Discussion started by: dkothapa
2 Replies
10. UNIX for Dummies Questions & Answers
i wish to clear memory cache on a production box and i was wondering what is the worst that can happen if i do?
i already tested this on a backup server and everything seemed fine.
but i need to know from you experts what are the worst things that can happen when i run it on a real server:
... (5 Replies)
Discussion started by: SkySmart
5 Replies
LEARN ABOUT DEBIAN
send_arp
SEND_ARP(8) System Manager's Manual SEND_ARP(8)
NAME
send_arp - Send out one ARP packet with source/target IP and Ethernet hardware addresses suuplied by the user.
SYNOPSIS
send_arp sndr_ip_addr sndr_hw_addr targ_ip_addr targ_hw_addr [src_int [src_hw_addr [dest_hw_addr]]]
DESCRIPTION
send_arp This program sends out one ARP packet with source/target IP and Ethernet hardware addresses suuplied by the user. It compiles and
works on Linux and will probably work on any Unix that has SOCK_PACKET.
The idea behind this program is a proof of a concept, nothing more. It comes as is, no warranty. However, you're allowed to use it under
one condition: you must use your brain simultaneously. If this condition is not met, you shall forget about this program and go RTFM imme-
diately.
OPTIONS
sndr_ip_addr
Sender IP address for ARP packet.
sndr_hw_addr
Sender Hardware address for ARP packet.
targ_ip_addr
Target IP address for ARP packet.
targ_hw_addr
Target Hardware address for ARP packet.
src_int
Source Interface for ARP packet.
src_hw_addr
Source layer2 Hardware address for ARP packet.
dest_hw_addr
Destination layer2 Hardware address for ARP packet.
AUTHORS
send_arp - Yuri Volobuev <volobuev@t1.chem.umn.edu>
man page - Horms <horms@verge.net.au>
layer2 patch - Patrick Koppen <patrick@koppen.de>
30th October 2003 SEND_ARP(8)