Hello hshh,

Thursday, April 13, 2006, 2:44:09 PM, you wrote:

> I have some FreeBSD boxes, including 4.11, 6.0, 6.1-PRERELEASE.
> They are in the same network, and all compiled with IPFW2 support.
> In that network, there are other servers, and they are not mine. I can't
> control them either.
> One day, maybe one computer was hacked, and sent my server fake ARP
> packets.
> That's ARP spoofing, but it makes a fake gateway to attack my server.
> dmesg can show a message like this:
> arp: x.x.x.254 moved from 00:02:b3:52:5d:25 to 02:e0:52:14:37:4a on fxp0
> x.x.x.254 is the gateway of that network, and 02:e0:52:14:37:4a is the MAC
> of the real gateway.
> 00:02:b3:52:5d:25 is a fake MAC; 00:11:22:33:44:55 was seen too.
> I tried to use ``arp -S x.x.x.254 02:e0:52:14:37:4a'', and it did not work.
> After some seconds, my server can't communicate with the gateway.
> I tried to use ipfw2 to deny these packets, ``deny ip from any to any MAC any
> 00:02:b3:52:5d:25 layer2'',
> and that did not work either. Although I tuned ``net.link.ether.ipfw'' from
> 0 to 1, it still does not work.
> What can I do? I can't touch the switch, and can't touch the gateway either.
> Any good idea to help me?
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

I think that you receive this from the kernel anyway, because it is an error
that is processed by the kernel. With a firewall you can block packets from
passing through an interface. This is my opinion.

--
Best regards,
vladone mailto:[EMAIL PROTECTED]
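
The kernel "arp: ... moved from ... to ..." message quoted in this thread can be watched to detect when the gateway entry flips to a foreign MAC. The following is an added example, not part of the original messages: the function name, the 192.0.2.x addresses and the two 00:0c:29 MACs are constructed assumptions, while the other MAC values are the ones quoted in the post.

```sh
#!/bin/sh
# Added example: flag ARP "moved" events for a pinned gateway in kernel log text.
# GATEWAY_IP is a constructed documentation address (the post redacts the real
# one); GATEWAY_MAC is the MAC the post gives for the real gateway.
GATEWAY_IP="192.0.2.254"
GATEWAY_MAC="02:e0:52:14:37:4a"

# Reads log lines on stdin (dmesg or syslog style) and prints, per event:
#   SPOOF <ip> <foreign-mac> <iface>     gateway entry moved to a foreign MAC
#   RESTORED <ip> <foreign-mac> <iface>  entry moved back to the pinned MAC
check_arp_moves() {
    awk -v gw="$GATEWAY_IP" -v pinned="$GATEWAY_MAC" '
    BEGIN { pinned = tolower(pinned) }
    {
        # Locate the "arp:" token so an optional syslog prefix is skipped.
        for (i = 1; i <= NF - 8; i++)
            if ($i == "arp:" && $(i+2) == "moved" && $(i+3) == "from" && $(i+5) == "to")
                break
        # No match on this line, or the event is for a host we do not pin.
        if (i > NF - 8 || $(i+1) != gw) next
        oldmac = tolower($(i+4)); newmac = tolower($(i+6)); ifc = $(i+8)
        if (newmac != pinned)      print "SPOOF", gw, newmac, ifc
        else if (oldmac != pinned) print "RESTORED", gw, oldmac, ifc
    }'
}

# Constructed sample input in the format of the dmesg line quoted in the post;
# the third line carries a syslog-style prefix, the fourth is an unrelated host.
SAMPLE_LOG='arp: 192.0.2.254 moved from 02:e0:52:14:37:4a to 00:02:b3:52:5d:25 on fxp0
arp: 192.0.2.254 moved from 00:02:b3:52:5d:25 to 02:e0:52:14:37:4a on fxp0
Apr 13 14:40:01 host kernel: arp: 192.0.2.254 moved from 02:e0:52:14:37:4a to 00:11:22:33:44:55 on fxp0
arp: 192.0.2.10 moved from 00:0c:29:aa:bb:cc to 00:0c:29:dd:ee:ff on fxp0'

printf '%s\n' "$SAMPLE_LOG" | check_arp_moves
```

On a live host, pipe the output of dmesg or the kernel log into check_arp_moves in place of the sample text.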
