I''m looking for a program that will replace the automatic ARP table population by the Linux kernel. The daemon should fix the MAC <-> IP entry from the IP of the first packet with that MAC received. Is there anything like this? -- damjan | дамјан This is my jabber ID --> damjan@bagra.net.mk <-- not my mail address!!! _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Mon, 2004-08-09 at 12:01, Damjan wrote:> I''m looking for a program that will replace the automatic ARP table > population by the Linux kernel. The daemon should fix the MAC <-> IP > entry from the IP of the first packet with that MAC received. > > Is there anything like this?you wont recive the packet unless the arp table is populated, since the sender woudn''t know to what mac to send the packet. maybe you look for /etc/ethers or man ethers good luck -- Ronny Aasen <list@datapart-as.no> _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> > I''m looking for a program that will replace the automatic ARP table > > population by the Linux kernel. The daemon should fix the MAC <-> IP > > entry from the IP of the first packet with that MAC received. > > > > Is there anything like this? > > you wont recive the packet unless the arp table is populated, since the > sender woudn''t know to what mac to send the packet.What I want to accomplish is deny the possibility of users changing their IP address, once its set. -- damjan | дамјан This is my jabber ID --> damjan@bagra.net.mk <-- not my mail address!!! _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Monday, 09 August 2004, at 14:51:55 +0200, Damjan wrote:> What I want to accomplish is deny the possibility of users changing > their IP address, once its set. >Then make it impossible for users to become "root" or equivalent in their boxes, to prevent them from changing their interfaces MAC addresses. This way users won''t be able to do so, and even in the event they try to boot with some sort of "live Linux CD" and change the MAC, this change won''t persist after reboot. If you prefer/need to control this changes from your Linux box, then you can play with iptables and its "mac" match (to bind together IP/MAC pairs) or install "arpwatch". The latter won''t prevent users from (maybe) succeeding in their attemps to gain access to places where they shouldn''t be allowed to go, but you will be inmediately notified if someone is not playing nice in your network. Hope it helps. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Sid (Linux 2.6.8-rc2-mm2) _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Mon, Aug 09, 2004 at 02:51:55PM +0200, Damjan wrote:> What I want to accomplish is deny the possibility of users changing > their IP address, once its set.You can use SNMP-able switches to either monitor or even enforce this.> damjan | дамјанBye, Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023 -- Where do you think you''re going today? _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/