I have "arp who-has" packets coming to my nic constantly, and since it's a wireless NIC in master mode (Access point mode), I have all packets, IP or not, coming into it. I want to filter out packets from any client that aren't directly addressed to the Access Point (i.e., 192.168.1.100 can't use services set up on 192.168.1.101)...

I know it may NOT be possible to block entirely, but at least sending back incorrect who-has addresses would be a start...

Can someone please offer some solutions?

Thanks,
Shawn
On Tue, 24 Feb 2004, Shawn McGrath wrote:

> I have "arp who-has" packets coming to my nic constantly, and since
> it's a wireless NIC in master mode (Access point mode), I have all
> packets, IP or not, coming into it. I want to filter out packets from
> any client that aren't directly addressed to the Access Point (i.e.,
> 192.168.1.100 can't use services set up on 192.168.1.101)...
>
> I know it may NOT be possible to block entirely, but at least sending
> back incorrect who-has addresses would be a start...
>
> Can someone please offer some solutions?
>

No.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
On Tue, 24 Feb 2004 20:25:34 -0500, Shawn McGrath <ozzira@mac.com> wrote:

> I have "arp who-has" packets coming to my nic constantly, and since it's
> a wireless NIC in master mode (Access point mode), I have all packets,
> IP or not, coming into it. I want to filter out packets from any client
> that aren't directly addressed to the Access Point (i.e., 192.168.1.100
> can't use services set up on 192.168.1.101)...
>
> I know it may NOT be possible to block entirely, but at least sending
> back incorrect who-has addresses would be a start...
>
> Can someone please offer some solutions?

I don't think Shorewall can help you in this case. It's based on netfilter, which as I understand it can only filter IP packets, not ARP ones.

I don't know anything about it (I just found it on Google) but maybe something like this can help?

http://www.securiteam.com/tools/5QP0I2AC0I.html

regards
Julian
On Tuesday 24 February 2004 05:47 pm, Tom Eastep wrote:

> On Tue, 24 Feb 2004, Shawn McGrath wrote:
> > I have "arp who-has" packets coming to my nic constantly, and since
> > it's a wireless NIC in master mode (Access point mode), I have all
> > packets, IP or not, coming into it. I want to filter out packets from
> > any client that aren't directly addressed to the Access Point (i.e.,
> > 192.168.1.100 can't use services set up on 192.168.1.101)...
> >
> > I know it may NOT be possible to block entirely, but at least sending
> > back incorrect who-has addresses would be a start...
> >
> > Can someone please offer some solutions?
>
> No.

I guess that I could be a little more verbose. While Netfilter has ARP filtering support, that support has never been externalized to user-space. Consequently, there is currently no way to do ARP filtering with Netfilter (and hence with Shorewall).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
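As an added example (not code from the thread, from Shorewall or from Netfilter), the frame-level classification a user-space ARP filter would need, since Netfilter only sees IP: it parses raw Ethernet/ARP frames and separates who-has requests addressed to the AP from client-to-client ones. The AP address 192.168.1.1 and the client MAC are assumed; the sample frames are constructed.

```python
# Added example: classify ARP who-has frames as an AP would see them, so that
# client-to-client requests can be told apart from requests aimed at the AP.
import struct
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806
ARP_REQUEST = 1
AP_IP = IPv4Address("192.168.1.1")  # assumed AP address, not from the thread


def parse_arp(frame: bytes):
    """Return ARP fields for an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 14 + 28:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None  # only Ethernet/IPv4 ARP is handled here
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"oper": oper, "sha": sha.hex(":"), "spa": IPv4Address(spa),
            "tha": tha.hex(":"), "tpa": IPv4Address(tpa)}


def classify(frame: bytes, ap_ip: IPv4Address = AP_IP) -> str:
    """'to_ap' for requests the AP should answer, 'client_to_client' for
    requests the thread wants dropped, 'other' for anything else."""
    arp = parse_arp(frame)
    if arp is None or arp["oper"] != ARP_REQUEST:
        return "other"
    return "to_ap" if arp["tpa"] == ap_ip else "client_to_client"


def who_has(src_mac: bytes, src_ip: str, target_ip: str) -> bytes:
    """Build a constructed ARP who-has frame (broadcast dst) for testing."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += src_mac + IPv4Address(src_ip).packed
    arp += b"\x00" * 6 + IPv4Address(target_ip).packed
    return eth + arp


# Constructed sample traffic: one client asking for the AP, one for a peer.
CLIENT_MAC = b"\x02\x00\x00\x00\x01\x00"  # constructed, locally administered
SAMPLE = [who_has(CLIENT_MAC, "192.168.1.100", "192.168.1.1"),
          who_has(CLIENT_MAC, "192.168.1.100", "192.168.1.101")]

if __name__ == "__main__":
    for f in SAMPLE:
        print(classify(f))  # to_ap, client_to_client
```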
Yeah, it turns out I was pointed to the wrong place.. someone on the prism54 forums sent me to shorewall to solve my problem, unfortunately, it doesn't seem like it'll do the job, thanks anyways guys.

Shawn.

On 25-Feb-04, at 10:59 AM, Tom Eastep wrote:

> On Tuesday 24 February 2004 05:47 pm, Tom Eastep wrote:
>> On Tue, 24 Feb 2004, Shawn McGrath wrote:
>>> I have "arp who-has" packets coming to my nic constantly, and since
>>> it's a wireless NIC in master mode (Access point mode), I have all
>>> packets, IP or not, coming into it. I want to filter out packets from
>>> any client that aren't directly addressed to the Access Point (i.e.,
>>> 192.168.1.100 can't use services set up on 192.168.1.101)...
>>>
>>> I know it may NOT be possible to block entirely, but at least sending
>>> back incorrect who-has addresses would be a start...
>>>
>>> Can someone please offer some solutions?
>>
>> No.
>
> I guess that I could be a little more verbose. While Netfilter has ARP
> filtering support, that support has never been externalized to
> user-space.
> Consequently, there is currently no way to do ARP filtering with
> Netfilter
> (and hence with Shorewall).
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
>
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
> https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm