Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-27 Thread Oliver Francke
Hi Jesse, please take my excuses, as I was far too impatient yesterday. I have retried the following this morning, and it lasts a couple of seconds, until - I think - the former injection of wrong MAC-addresses gets a timeout. Now the following seems to work: ovs-ofctl add-flow br0 "

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Jesse Gross
On Thu, Jul 26, 2012 at 1:09 PM, Oliver Francke wrote: > Well, > > On 26.07.2012 at 21:01 Jesse Gross wrote: > >> On Thu, Jul 26, 2012 at 11:38 AM, Oliver Francke >> wrote: >>> I think this explains it: >>> >>> http://www.thegeekstuff.com/2012/01/arp-cache-poisoning/ >>> >>> the packet I'm tal

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Jesse Gross
On Thu, Jul 26, 2012 at 12:26 PM, Luiz Ozaki wrote: > On 7/26/12 4:01 PM, Jesse Gross wrote: > > OVS can match on all protocol fields in an ARP packet: > Ethernet source MAC: dl_src > Ethernet dest MAC: dl_dst > ARP source protocol address: nw_src > ARP source hardware address: arp_sha > ARP targ

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Oliver Francke
Well, On 26.07.2012 at 21:01 Jesse Gross wrote: > On Thu, Jul 26, 2012 at 11:38 AM, Oliver Francke > wrote: >> I think this explains it: >> >> http://www.thegeekstuff.com/2012/01/arp-cache-poisoning/ >> >> the packet I'm talking about is the faked arp-reply. Coming from the >> attacking VM

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Luiz Ozaki
On 7/26/12 4:01 PM, Jesse Gross wrote: OVS can match on all protocol fields in an ARP packet: Ethernet source MAC: dl_src Ethernet dest MAC: dl_dst ARP source protocol address: nw_src ARP source hardware address: arp_sha ARP target protocol address: nw_dst ARP target hardware address: arp_tha A

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Jesse Gross
On Thu, Jul 26, 2012 at 11:38 AM, Oliver Francke wrote: > I think this explains it: > > http://www.thegeekstuff.com/2012/01/arp-cache-poisoning/ > > the packet I'm talking about is the faked arp-reply. Coming from the > attacking VM, telling: > My MAC is , the IP ( faked) is my IP. Please hand ov

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Oliver Francke
I think this explains it: http://www.thegeekstuff.com/2012/01/arp-cache-poisoning/ the packet I'm talking about is the faked arp-reply. Coming from the attacking VM, telling: My MAC is , the IP ( faked) is my IP. Please hand over the packets to me, it's OK. Well, you name it ;) I would love to

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Oliver Francke
We are to yet in sync ;) … On 26.07.2012 at 19:21 Jesse Gross wrote: > On Thu, Jul 26, 2012 at 9:40 AM, Oliver Francke > wrote: >> Hi, >> >> On 26.07.2012 at 18:07 Jesse Gross wrote: >> >>> On Thu, Jul 26, 2012 at 8:30 AM, Oliver Francke >>> wrote: Hi Jesse, Am 26.07.2

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Oliver Francke
Hi, On 26.07.2012 at 19:24 Luiz Ozaki wrote: > On 7/26/12 6:38 AM, Oliver Francke wrote: >> ovs-ofctl add-flow vmbr0 "in_port="${PORT}" ip idle_timeout=0 dl_src=${MAC} >> nw_src=${IP} priority=39000 action=resubmit("${PORT}",1)" > If you're using the dl_type=0x0800, it should match the ARP pr

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Luiz Ozaki
On 7/26/12 6:38 AM, Oliver Francke wrote: ovs-ofctl add-flow vmbr0 "in_port="${PORT}" ip idle_timeout=0 dl_src=${MAC} nw_src=${IP} priority=39000 action=resubmit("${PORT}",1)" If you're using the dl_type=0x0800, it should match the ARP protocol as well. So, you are already preventing ARP spoofing a

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Jesse Gross
On Thu, Jul 26, 2012 at 9:40 AM, Oliver Francke wrote: > Hi, > > On 26.07.2012 at 18:07 Jesse Gross wrote: > >> On Thu, Jul 26, 2012 at 8:30 AM, Oliver Francke >> wrote: >>> Hi Jesse, >>> >>> On 26.07.2012 at 17:17 Jesse Gross wrote: >>> On Thu, Jul 26, 2012 at 2:38 AM, Oliver Francke

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Oliver Francke
Hi, On 26.07.2012 at 18:07 Jesse Gross wrote: > On Thu, Jul 26, 2012 at 8:30 AM, Oliver Francke > wrote: >> Hi Jesse, >> >> On 26.07.2012 at 17:17 Jesse Gross wrote: >> >>> On Thu, Jul 26, 2012 at 2:38 AM, Oliver Francke >>> wrote: Hi *, as there are many guys around h

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Jesse Gross
On Thu, Jul 26, 2012 at 8:30 AM, Oliver Francke wrote: > Hi Jesse, > > On 26.07.2012 at 17:17 Jesse Gross wrote: > >> On Thu, Jul 26, 2012 at 2:38 AM, Oliver Francke >> wrote: >>> Hi *, >>> >>> as there are many guys around here with OVS and qemu-virtualization I think >>> it's the right plac

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Oliver Francke
Hi Jesse, On 26.07.2012 at 17:17 Jesse Gross wrote: > On Thu, Jul 26, 2012 at 2:38 AM, Oliver Francke > wrote: >> Hi *, >> >> as there are many guys around here with OVS and qemu-virtualization I think >> it's the right place to ask ;) >> >> Currently I have some basic rulesets ala: >> >>

Re: [ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Jesse Gross
On Thu, Jul 26, 2012 at 2:38 AM, Oliver Francke wrote: > Hi *, > > as there are many guys around here with OVS and qemu-virtualization I think > it's the right place to ask ;) > > Currently I have some basic rulesets ala: > > # --- 8-< --- > ovs-ofctl add-flow vmbr0 "in_port="${PORT}" ip idle_time

[ovs-discuss] Q. about IP-, MAC-, arp-spoofing

2012-07-26 Thread Oliver Francke
Hi *, as there are many guys around here with OVS and qemu-virtualization I think it's the right place to ask ;) Currently I have some basic rulesets ala: # --- 8-< --- ovs-ofctl add-flow vmbr0 "in_port="${PORT}" ip idle_timeout=0 nw_dst=224.0.0.0/24 priority=4 action=drop" ovs-ofctl add