Re: [users] MAC -> IP?
On Tue, Jun 19, 2001 at 07:05:46PM +0200, Guy Geens wrote:
> >>>>> "S" == S Breedveld <S.Breedveld@ITS.TUDelft.NL> writes:
>
> Guy> It looks to me like someone who has misconfigured their machine.
> Guy> Mail the log extract to your ISP to complain.
>
> S> I have complained, but they are unwilling to listen. They do not
> S> understand these stuff. I can internet, so they have fulfilled
> S> their obligations. That's the monopoly they have.
>
> >> And in the mean time, turn off logging for this type of traffic.
>
> S> My computer is constantly fired with ARP requests from other hosts
> S> in my cable modem network. Is there a way to block these requests?
> S> I do not know which protocol(s) they consists of.
>
> ARP traffic is a normal part of an Ethernet network. Even if you could
> switch it off, you wouldn't want to: no traffic is able to connect to
> your machine without it.
Well, with iptables you can block by MAC address, so if you
allow all your own MAC addresses and any others you might need
(e.g. upstream router) and block the rest, it should do what you
want.
ARP requests are sent to the broadcast MAC address, but the
source MAC address will be the MAC address of the machine
sending it (unless it's spoofed, of course.)
> Just ignore it. Your machine will not respond to any ARP request
> unless it's a request for your IP address. It's not an attack, but
> simply a broadcast message, sent to all machines on the subnet.
>
> IMHO, your cable company has a badly designed network. I have a cable
> modem as well, and it filters out all of the traffic which is not sent
> to my IP address.
--
Michael Wood | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
Reply to: