Static arp?
pigpoked at Safe-mail.net
pigpoked at Safe-mail.net
Sun Jun 14 09:39:29 UTC 2009
Proper way, below, to achieve static arp?
# You can just add
# Code:
# arp -i eth0 -s IP MACOFROUTER
# to /etc/rc.local, right before the "exit 0" line.
This is proper method? This makes arp static? If so, in this environment is it possible for arp to be manipulated or would the above stop arp attacks and use the defined entry in rc.local?
Or have I the need to additionally modify /etc/sysctl.conf with net.ipv4.conf arp_filter entries which are not included in sysctrl by default?
Someone also suggesting:
#net.ipv4.conf.default.arp_filter=1
#net.ipv4.conf.all.arp_filter=1
#
#That will fix the problem for you. Just add those to /etc/sysctl.conf and #run 'sysctl -p' (or run each line as the argument to 'sysctl -w'.
#
#This will cause Linux to only respond to ARP requests on the interface that #an IP address is actually assigned to.
Or I need to install arptables and or ebtables?
Or is there exist more to contain and constrain arp to one router without rogue arp attacks attempting to modify my Linux system's arp?
Potential questions raised in the "Why do you want to do this" or "I have a suggestion other than attaining your goal" are asked to be avoided, thank you.
More information about the ubuntu-users
mailing list