Hi Claudio, Steve,
> > While user is blocked by _our_ generated MAC! Btw, could anyone advice
> > me how to block user IP block without touching ipfw (I think to use
> > route + ``-blackhole' to that user that have no his MAC in my ARP
> > table), any ideas?
I'm just wondering why you don't want
Steve Langdon wrote:
> Sten, thanks for helping me.
>
> Another question: ``route -blackhole' is the same thing like ``arp -S [IP]
> 00:00:00:00:00'? So packet will ignore on router. Or not?
>
>
-blackhole would drop any packets matching that route. That is, it drops
packets coming from say the
On Wed, Aug 10, 2005 at 05:07:27PM +0400, Steve Langdon wrote:
> Hello all.
>
> Help me to solve a strange conduct.
> I want to have permanent bundle with IP->MAC for users in our network to
> have some security. So, once my user's MAC doesn't appear in my ARP
> table, I have to block by ``arp -S
Date: Wed, 10 Aug 2005 15:35:17 +0200
Subject: Re: Stranges with ARP
[snip]
> Using static arp is a very VERY bad idea.
> Consider an flood attack against this IP. All packets will be sent to
> ALL clients and you would have a hard time tracking down the problem.
>
> Ju
Hello all.
Help me to solve a strange conduct.
I want to have permanent bundle with IP->MAC for users in our network to have
some security. So, once my user's MAC doesn't appear in my ARP table, I have to
block by ``arp -S ..' his IP with MAC generated by my script with prefix
d1:fa:28.
One da
