08-17-2009
The Goal
I'm able to analize every field of the ARP frame that i capture, but not to avoid the malicious frame to take effect over the cache because i can't stop the kernel.
So, how can i do that? how could i check the frame and if it's a valid one THEN apply it to the cache, just before the kernel does it?
I have no room to speak here, and will most likely get bashed to death.
However, what the goal here seems to be is: Intercept packets before they get to the cache, qualify them as malicous or non-malicious.
So wouldn't a good firewall do this??
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
hi,
What is the difference between UBC cache and Metadata cache ? where can i find UBC cache Hits and Metadata cache Hits in hp-ux?
Advanced thanx for the help. (2 Replies)
Discussion started by: sushaga
2 Replies
2. Solaris
Dear all,
We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down it's services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update... (7 Replies)
Discussion started by: earlysame55
7 Replies
3. IP Networking
how can we spoof ethernet by ARP cache poisoning on unix through a program...
can anyone post the source code to achieve this... (1 Reply)
Discussion started by: ud4u
1 Replies
4. Linux
Hi all
I am trying to understand the kernel memory management and require assistance in this regard. Kernel first creates the cache memory to perform any subsequent allocation to processes. I could not figure out how it is accomplished. Do kernel directly allocates any hardware cache or allocates... (0 Replies)
Discussion started by: joshighanshyam
0 Replies
5. Linux
Hi all
I saw in Microsoft web site www.SysInternals.com a tool called CoreInfo from able to print out on screen the size of the Data and Instruction caches of your processor, the Locigal to Physical Processor mapping, the number of the CPU sockets. etc..
Do you know if in Linux is available a... (2 Replies)
Discussion started by: manustone
2 Replies
6. UNIX for Advanced & Expert Users
18:45:47 # free -m
total used free shared buffers cached
Mem: 96679 95909 770 0 1530 19550
-/+ buffers/cache: 74828 21851
Swap: 12287 652 11635
Hi all. The below output is from a RHEL 4.5... (0 Replies)
Discussion started by: drummerrob
0 Replies
7. Linux
Hi All,
could any one point out any open source test-suites for "File cache" testing and as well as performance test suites for the same. Currently my system is up with Linux/ext4.
Regards
Manish (0 Replies)
Discussion started by: hmanish
0 Replies
8. Linux
Hi,
We are working on OEL5.7 (Oracle Linux) OS. We have a server with 64GB RAM. When we issue free -m command which shows the used, available and cached space. Most of the space is shown in cached section, where as we are not really doing much activity on the server.
It's like cached is... (5 Replies)
Discussion started by: shrshah64
5 Replies
9. Linux
Hi,
Can any one please help me increase the arp stale time of an ipv6 interface on linux platform ?
I have tried increasing the variable gc_stale_time but that doesnt work.
Thanks (2 Replies)
Discussion started by: dkothapa
2 Replies
10. UNIX for Dummies Questions & Answers
i wish to clear memory cache on a production box and i was wondering what is the worst that can happen if i do?
i already tested this on a backup server and everything seemed fine.
but i need to know from you experts what are the worst things that can happen when i run it on a real server:
... (5 Replies)
Discussion started by: SkySmart
5 Replies
learp(8) System Manager's Manual learp(8)
NAME
learp - Displays the contents of a LAN-Emulation Address Resolution Protocol (LE-ARP) table
SYNOPSIS
/usr/sbin/learp [-u unit_number] -a
OPTIONS
Specifies a LE-ARP cache. The unit number is the same as is displayed by the netstat -i command. For example: elan0 is unit 0, elan1 is
unit 1, and so on.
If the -u option is not specified, the default unit number is 0. Displays all entries in the LAN-Emulation Address Resolution Pro-
tocol (LE-ARP) table.
DESCRIPTION
Each LAN-Emulation Client interface (displayed as elann in netstat output) has an Address Resolution Protocol (LE-ARP) table that contains
mappings of 6-byte medium access control (MAC) addresses to 20-byte Asynchronous Transfer Mode (ATM) addresses. The learp command displays
the contents of the LE-ARP table.
Each LE-ARP table entry contains the following information: Each MAC address that has been or is being contacted through the ATM-emulated
LAN. One of the following state values: AP -- LE-ARP is pending. The ATM address associated with the MAC address is not known. DE --
Delete of the LE-ARP cache entry is pending. When there are no more VCs for a LE-ARP entry, it is marked for deletion. After there is no
activity for 5 minutes (age periond), the entry is removed for the cache. FD -- Forward Direct. Packets flowing to the destination are
using the data-direct VC. FL -- Flush is pending. A new VC has been established with the remote node and the broadcast channel is being
flushed so packets flowing on the new VC will not arrive out of order. VP -- Virtual Channel (VC) setup is pending. The ATM address is
known, but no VC is established with the remote node. If known, the 20-byte ATM address associated with the MAC address. One of the fol-
lowing flags: R -- Remote entry. The MAC address is on a legacy (that is, Ethernet) network on the back side of an ATM edge device. P --
Permanent entry. The LE-ARP entry is permanent. If known, this is the Virtual Path Identifier (VPI) and the Virtual Channel Identifier
(VCI) of the data-direct VC used by packets destined to the MAC address. Many MAC addresses may use the same VC.
EXAMPLES
The following example shows the output of a learp -a command in which the LE-ARP cache contains five entries: # learp -a le-arp cache con-
tains 5 entries.
MAC Address State ATM Address Flags VPI/VCI 08-00-2b-01-01-01 (AP) pending 08-00-2b-01-01-02 (VP)
39000000000000000000000000.08002b010102.00 pending 08-00-2b-01-02-02 (FL) 39000000000000000000000000.08002b010203.00 R 0/65
08-00-2b-01-02-03 (FD) 39000000000000000000000000.08002b010203.00 0/65
SEE ALSO
Commands: atmconfig(8), atmelan(8), atmsig(8)
learp(8)