01-02-2012
ARP packets aren't routed; they are local subnet traffic. So putting arptables on your gateway won't stop ARP going anywhere else. This means an attacker would have to actually be on your local network to spoof ARP, too.
If you do have some strange configuration where all ARP must pass through your router and an attacker could attach to your local network from afar, there's a lot of important ARP traffic that must be broadcast, too; you can't cavalierly block everything except certain sources and destinations.
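Since ARP stays on the local segment and its broadcasts cannot simply be blocked, a passive watcher on that segment is one way to notice spoofing. The following is an added example, not code from the thread: it parses Ethernet/IPv4 ARP frames and reports when an IP address is claimed by a new MAC. The function names and the sample frames (addresses included) are constructed for illustration.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame; return None for anything else."""
    if len(frame) < 42:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:                      # not ARP
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": _mac(dst), "eth_src": _mac(src), "op": op,
            "sha": _mac(sha), "spa": _ip(spa), "tpa": _ip(tpa)}

def watch(frames):
    """Track sender IP -> MAC bindings and return a list of alerts."""
    seen, alerts = {}, []
    for frame in frames:
        p = parse_arp(frame)
        if p is None or p["spa"] == "0.0.0.0":   # skip non-ARP and ARP probes
            continue
        if p["eth_src"] != p["sha"]:             # Ethernet and ARP sender disagree
            alerts.append(("src-mismatch", p["spa"], p["eth_src"], p["sha"]))
        old = seen.get(p["spa"])
        if old is not None and old != p["sha"]:  # same IP, different MAC
            alerts.append(("binding-changed", p["spa"], old, p["sha"]))
        seen[p["spa"]] = p["sha"]
    return alerts

def build(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Helper that constructs a sample frame (test data only)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(int(x) for x in i.split("."))
    return (h(eth_dst) + h(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + h(sha) + a(spa) + h(tha) + a(tpa))

GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:50", "02:00:00:00:00:66"
SAMPLE = [  # constructed frames: broadcast request, normal reply, conflicting reply
    build(BROADCAST, GW, 1, GW, "192.168.1.1", "00:00:00:00:00:00", "192.168.1.50"),
    build(GW, HOST, 2, HOST, "192.168.1.50", GW, "192.168.1.1"),
    build(HOST, OTHER, 2, OTHER, "192.168.1.1", HOST, "192.168.1.50"),
]

if __name__ == "__main__":
    for alert in watch(SAMPLE):
        print(alert)
```

A binding change is not proof of spoofing on its own; a replaced NIC or a failover address produces the same alert, so known-good bindings need to be compared against it.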
ARP(3) Library Functions Manual ARP(3)
NAME
arp - Internet Address Resolution Protocol
SYNOPSIS
bind -a #a /net/arp
/net/arp/ctl
/net/arp/data
/net/arp/stats
DESCRIPTION
The arp device provides the means by which the kernel resolves IP addresses into Ethernet addresses. A cache is maintained by the arp
device to speed the process.
The ctl file controls the ARP cache maintained by the kernel. The flush control message invalidates all entries in the cache. The delete
ipaddr control message invalidates a single cache entry. All IP addresses passed to the system are in the canonical textual form described
in ip(2). The perm ipaddr control message makes an existing cache entry permanent.
When the kernel boots, ipconfig sets up the IP stream and arpd opens #a/arp/data (see ipconfig(8)). This establishes the ARP cache and
enables arpd to receive all ARP packets from the network, which it uses to maintain the cache by writing the results of address resolution
requests back into the cache. The IP stream module uses the cache to translate IP addresses.
Subsequent opens of the data file allow the contents of the cache to be examined. Each cache entry consists of an IP address, an Ethernet
address, and the status of the entry. Entries may be invalid, permanent, or temporary. Permanent entries will never be aged from the
cache. Temporary entries may be replaced by new addresses entered by the ARP server.
The file stats reports the cache performance.
SEE ALSO
ip(3), ipconfig(8)
SOURCE
/sys/src/9/port/devarp.c