Hello,
Another question:
Is it possible to control ARP protocol packets in the kernel?
... if so, this will solve some of the problems. But how to control ARPs?
Perhaps on the firewall? kern 2.4.24/grsec/...
You can adjust the refresh timer by setting
/proc/sys/net/ipv4/neigh/*/gc_stale_time, or you can disable ARP
altogether for a particular interface by ifconfig -arp.
You can also adjust arp-proxying by tuning these:
/proc/sys/net/ipv4/conf/*/{arp_filter,medium_id}
See documentation here (requires some kernel-doc package):
/usr/share/doc/kernel-doc-*/Documentation/networking/ip-sysctl.txt.gz
Thanks a lot. I read much more (to remind) about sysctls but I do not
see any to control ARPs.
I didn't follow the thread closely, could you explain what you
mean by "controlling"?
By control, I mean doing proxy ARP only for special IPs, not for
all, etc.
I do not have any idea :( This is more important from day to day for
me :( I have some "hackers ;)" in my networks who are trying to spoof
other computers. If I turn off arpwatch I will completely lose
control of this. But for now I am receiving hundreds of mails :(
Is it possible to do arp_proxy only for special MACs/IPs?
=================
I have now set these values:
proxy_arp=1
medium_id=0
arp_filter=0
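
An added example, not part of the thread: a small shell audit that reads the ARP-related sysctls named above (proxy_arp, arp_filter, medium_id, gc_stale_time) for every interface and lists the interfaces that currently answer ARP on behalf of other hosts. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report the per-interface ARP sysctls discussed in the thread.
# The optional first argument (a sysctl root other than /proc/sys/net/ipv4)
# is a hypothetical convenience so the functions can be run on a copied tree.

arp_report() {
    root="${1:-/proc/sys/net/ipv4}"
    for dir in "$root"/conf/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        ifname=$(basename "$dir")
        line="$ifname"
        # Keys under conf/<interface>/ that influence ARP replies.
        for key in proxy_arp arp_filter medium_id; do
            val=$(cat "$dir$key" 2>/dev/null) || val="n/a"
            line="$line $key=$val"
        done
        # The neighbour-cache refresh timer lives under neigh/<interface>/.
        stale=$(cat "$root/neigh/$ifname/gc_stale_time" 2>/dev/null) || stale="n/a"
        echo "$line gc_stale_time=$stale"
    done
}

# Print only the interfaces with proxy_arp=1, i.e. those that will
# answer ARP requests for addresses they route to.
proxy_arp_interfaces() {
    arp_report "${1:-/proc/sys/net/ipv4}" | awk '/ proxy_arp=1( |$)/ { print $1 }'
}

arp_report "$@"
```

Running it before and after changing a value shows which interfaces the change actually reached, since the `all` and `default` entries appear as their own rows next to the real interfaces.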