Stranges with ARP
Sten Daniel Sørsdal
lists at wm-access.no
Thu Aug 11 00:25:24 GMT 2005
Steve Langdon wrote:
> Sten, thanks for helping me.
>
> Another question: is ``route -blackhole' the same thing as ``arp -S [IP] 00:00:00:00:00'? So the packet will be ignored on the router. Or not?
>
>
-blackhole would drop any packets matching that route. That is, it drops
packets coming from, say, the internet going to the user in question. It
will not block packets coming from the user and going to the internet.
This would open up the possibility of flooding attacks from the user.
Perhaps a better solution would be to use address lists in ipfw or pf
and drop all traffic to and from a particular IP address.
ipfw can also filter on MAC addresses, which could help a potential IP
stealing issue without the hazards of using static ARP.
Just a thought.
--
Sten Daniel Sørsdal
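
The approach suggested in the reply above, written out as an added example that is not part of the original post: an ipfw address table that drops traffic in both directions, plus a layer-2 rule that ties an IP address to one MAC. It assumes a current FreeBSD ipfw with named tables; the table name `blocked`, the rule numbers, the interface `em0`, the addresses and the helper function names are all constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Table name, rule numbers,
# interface and addresses below are constructed.
IPFW="${IPFW:-ipfw}"   # IPFW=echo prints the commands instead of running them

# Shape checks only; ipfw itself rejects out-of-range octets.
valid_ip()  { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
valid_mac() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }

# One-time setup. A blackhole route matches on destination only; these two
# rules drop traffic both to and from every address in the table.
setup_block_table() {
    $IPFW table blocked create type addr &&
    $IPFW add 100 deny ip from 'table(blocked)' to any &&
    $IPFW add 110 deny ip from any to 'table(blocked)'
}

# Cut a user off, or restore them, without touching routes or ARP.
block_host() {
    valid_ip "$1" || { echo "bad IP: $1" >&2; return 1; }
    $IPFW table blocked add "$1"
}
unblock_host() {
    valid_ip "$1" || { echo "bad IP: $1" >&2; return 1; }
    $IPFW table blocked delete "$1"
}

# Drop frames that claim IP $1 on interface $3 unless the source MAC is $2.
# MAC matching only sees Ethernet frames, so the rule is marked layer2 and
# needs: sysctl net.link.ether.ipfw=1
pin_ip_to_mac() {
    valid_ip "$1"  || { echo "bad IP: $1" >&2; return 1; }
    valid_mac "$2" || { echo "bad MAC: $2" >&2; return 1; }
    $IPFW add 200 deny ip from "$1" to any layer2 in via "$3" not MAC any "$2"
}

# Constructed scenario, run only on request: sh thisfile apply
if [ "${1:-}" = "apply" ]; then
    setup_block_table && block_host 192.0.2.50 &&
        pin_ip_to_mac 192.0.2.60 00:11:22:33:44:55 em0
fi
```

Running it with `IPFW=echo` prints the ipfw commands for review before anything is loaded into the firewall.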
More information about the freebsd-net mailing list