Martin Tedjawardhana <bitboxx <at> gmail.com> writes:

> I have a gentoo box with 2 NICs. eth0 with DHCP connected to the
> internet and eth1 with 192.168.0.1 ip, set manually; connected to the
> local network. This computer doesn't route anything and iptables is
> off.

OK, why have the second interface set up? Your goals need to be clear to get accurate help.

> Recently I received a mail from the network admin who is really
> anal complaining that my box responds to 192.168.0.1 arping. So if it's
> arpinged from the outside, eth0 will show its MAC address; giving the
> impression that eth0 has 192.168.0.1 address.

'arp' and 'ping' scans are very common for ISPs. They often want to charge extra for multiple systems. Security issues are often exploited as a result of scans....

> Normal ping to 192.168.0.1 would result nothing though.
> So why is eth0 responding to 192.168.0.1 arping although it does not
> have that address? How can I remedy this? How can I block arping?

Well, my suggestion is that you install a flat hub (great for sniffing) temporarily upstream so that you can run the same sorts of ping/arp scans against your system to see exactly what they are seeing. Then you can apply whatever fix/modification you want, and test. You may want to temporarily disconnect from your upstream provider, depending on the length of your testing.

Many ISPs test at night all of the DHCP addresses on their network. It's a routing security scan. Others are not limited and may take a very long time to profile your weaknesses, before taking any action. Either way, I would not leave the system powered up and connected at night, until you get your security straight.

Before applying a security schema, you have to define what you need and want your network to be able to do. Then you shut down everything else with a selection of security tools and configurations, that you have tested....

You can also run ethereal on the inside of your network, and many other tools to see what sort of packets (therefore the types of activities) are occurring inside your network.

PS. Testing your machine from the outside is pretty much like taking a bath. It's not a question that you have to do it, only how often...

YMMV.

James

--
gentoo-user@gentoo.org mailing list