01-02-2012
ARP packets aren't routed, they are local subnet traffic. So putting arptables on your gateway won't stop arp going anywhere else. This means an attacker would have to actually be on your local network to spoof arp, too.
If you do have some strange configuration where all arp must pass through your router and an attacker could attach to your local network from afar, there's a lot of important arp traffic that must be broadcasted, too, you can't cavalierly block everything except certain sources and destinations.
7 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
There is a program that I am trying to run on a shell account. It depends on another program, which I have also copied to the shell account. Both are in my home directory, yet the first program has a different path hardcoded into it, which I cannot use because of permissions problems.
How can I... (3 Replies)
Discussion started by: fahadsadah
3 Replies
2. UNIX for Dummies Questions & Answers
Hi, I am currently using Mailx to send a mail message from my unix account via an SMTP relay. This is working ok.
However from the recipient end the FROM address they see on mails received is <unix account>@<domain> eg prod@liveserver.com
Is there anyway I can spoof this FROM address from the... (1 Reply)
Discussion started by: jimthompson
1 Replies
3. Cybersecurity
Hello all, i need your quick help. I have assignment project class to make a program using pcap library to spoofing DNS in linux environment. Can anyone help me, because i'm newbie in network security and in C?:confused:
Regards,
ptrfw (1 Reply)
Discussion started by: riska_bali
1 Replies
4. Cybersecurity
There is a question in the SCO section asking for information on how to change the MAC address of a NIC. Is there a valid reason for wanting to change the MAC address? (1 Reply)
Discussion started by: jgt
1 Replies
5. Solaris
Hi everybody!
I'm facing a problem and I doubt about the solution (I'm not very familiar with old *NIXs).
An external network supplier (let's call them "telco") just installed new communication components that filters MAC addresses.
I have a Solaris 5 server, with 1 NIC (hte0) which is... (6 Replies)
Discussion started by: Isharfoxat
6 Replies
6. OS X (Apple)
I tried to use the command
sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx
to do mac spoofing for internet connection in my office. It works only for 5 minutes. Every time after about 5mins, the Internet will be disconnected. :wall:
Any one knows how to solve this problem? Thanks. (6 Replies)
Discussion started by: andrewust
6 Replies
7. UNIX for Dummies Questions & Answers
I have a machine (IP:192.168.1.185) and i want to send spoofed IP address (e.g. 192.168.1.212) to another machine(192.168.1.213) . I am using a spoofing program for this which uses raw sockets.
Now whenever i pass the parameters(spoofed ip addr and destination) to the output of the program, i... (2 Replies)
Discussion started by: syncmaster
2 Replies
arp(7P) arp(7P)
NAME
arp - Address Resolution Protocol
DESCRIPTION
ARP is a protocol used to dynamically map between DARPA Internet and hardware station addresses. It is used by all LAN drivers.
ARP caches Internet-to-hardware station address mappings. When an interface requests a mapping for an address not in the cache, ARP queues
the message that requires the mapping, and broadcasts a message on the associated network requesting the address mapping if the encapsula-
tion method has been enabled for the interface. If a response is provided, the new mapping is cached and any pending message is transmit-
ted. ARP queues at most one packet while waiting for a mapping request to be responded to; only the most recently ``transmitted'' packet
is kept.
To facilitate communications with systems that do not use ARP, calls are provided to enter and delete entries in the Internet-to-hardware
station address tables.
Application Usage:
Each call takes the same structure as an argument. sets an ARP entry, gets an ARP entry, and deletes an ARP entry. These calls can be
applied to any socket descriptor s, but only by the super-user. The structure contains:
The address family for the must be for the it must be The only flag bits that can be written are and Fibre Channel hosts only support the
flag. causes the entry to be permanent. specifies that the ARP code should respond to ARP requests for the indicated host coming from
other machines. This allows a host to act as an ARP server, which may be useful in convincing an ARP-only machine to talk to a non-ARP
machine.
ARP watches passively for hosts impersonating the local host (i.e., a host that responds to an ARP mapping request for the local host's
address).
DIAGNOSTICS
This message printed on the console screen means that
ARP has discovered another host on the local network that responds to mapping requests for its own Internet address.
WARNINGS
To enable the encapsulation method, use the command (see ifconfig(1M)).
AUTHOR
ARP was developed by the University of California, Berkeley.
SEE ALSO
ifconfig(1M), inet(3N), lan(7), arp(1M).
RFC826, Dave Plummer, Network Information Center, SRI.
arp(7P)