Hi Mike, Thanks for the response...
On July 28, 2004 11:30, Michael Petch wrote: > You are very much on the right track with what you posted here. I can > say that there are such devices out there that do things similar. > Do you know of any specifically? > Since you clearly have knowledge here, I will just answer this in > generalities. > > Clearly you already are on the right track with arp spoofing, and > accessing the arp requests to determine a static IP address and the > gateway. Clearly doable. > > Now with that said. How about this. You intercept the ARP request as you > suggest and you use spawn of calls to IFCONFIG and IPTABLES to do the > rest. > Yup, that was along the lines that I was thinking > You talk about creating a temporary alias so that your Gateway appears > as the gateway of the person with the static ip address. (spawn off a > call and run ifconfig - easily done). But then you have the problem of > routing the packets. I think the answer to this seems quite easy. At > this point assume you do have you have intercepted the arp packets, you > have brought up an aliased interface - now how about using IPTABLES and > DYNAMICALLY add Masquerading rules to do all the work for you? > > Of course you'd have to rework your iptables rules but this is not an > issue if you have the knowledge you seem to do about networking already. > The only potential issue I see, which appears extremely slight, is if 2 laptops had the same IP address - how would my gateway then handle that? > You talk about DNS requests. Seems simple. Add an IPTABLES rule that > says "Anything inbound from the internal interface using "DNS ports" > from "ANY Source IP Address" are redirected to a DNS server of your > choice. > Good idea, I didn't think of redirecting DNS requests > Now you may also want to consider tearing down aliases when they are no > longer in use. IE: A user logs in with a static IP, your gateway > reconfigures itself (Alias and IPTABLE rule changes). But lets say the > user disconnects. Then what? After a period of inactivity you probably > want to tear down the interface and Undo the iptables rules. > Correct > Couple ways of looking at this. You monitor activity from the IP address > and if there is no activity for X number of minutes you tear things down > (You could create an IPTables userland filter). With less hassles You > could do a PING occasionally to the users system but what if they have a > firewall blocking ICMP? There are other types of Ping (hint). Arping? > > You seem very knowledgeable, and I believe you will be successful if you > proceed down the lines you have suggested. I do know of devices that do > just as you are suggesting, and they are not very complex if you use > Linux, a bit of programming, and usage of the tools of the OS. > It sounds like you also know what you are talking about and have had some experience doing this or being involved in this. Care to share more? I can definitely see the usefulness of such a device, I am just surprised that there is nothing available currently under Linux (or that I am aware of). Martin _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
