[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: arpwatch and arp packets ...urgent

Hello,

>> > Another question :
>> > it is possible to control arp protocol packets by kernel ?
>> > ... if so - this will solve some of problems. But how control arps?
>> > perhaps on firewall ? kern 2.4.24/grsec/...
>> You can adjust the refresh timer by setting
>> /proc/sys/net/ipv4/neigh/*/gc_stale_time, or you can disable ARP
>> altogether for a paricular interface by ifconfig -arp.

> You can also adjust arp-proxying by tuning these:
>   /proc/sys/net/ipv4/conf/*/{arp_filter,medium_id}
> See documentation here (require some kernel-doc package):
>  
> /usr/share/doc/kernel-doc-*/Documentation/networking/ip-sysctl.txt.gz

Thanks a lot. I read much more (to remind) about sysctl's but I do not
see any to controll ARPs.

> I didn't follow the thread closely, could you explain what do you
> mean by "controlling"?

Control, I mean as doing proxy arp only for special IP's not for
all, or etc..
I do not have any idea :( This is more important from day to day for
me :( I have some "hakers;)" in my networks who trying to spoof
another computers, If I turn off arpwatch I completly will lost
control about this. But for now I am receiving hundreds mails :(
Is it possible to do arp_proxy only for special MACs/IPs ?

=================
I have set now values:
prox_arp=1
mediurm_id=0
arp_filter=0


-- 
Cheers,
Marcin.
Reply to: