ARP issue once again
| Norman Baz 2007-12-19, 1:23 pm |
| Hello everybody,
I'm working currently on a little security project,
that is meant to be portable (at least FreeBSD/Linux).
Could anybody advise me how to achieve the following goal?
I would like to have a mapping of one IP to one MAC address
on the same interface.
So basically let's say I have eth0 interface on which I have:
four real IP addresses (real == visible in ifconfig)
and three MACs (only one of them can be "real"?!) with such a
mapping: IP<->MAC
1<->A
2<->B
3<->C
4<->C
Is it somehow possible to achieve such a situation?
My first idea was to construct a database (similar to that above),
intercept all incoming ARPs using libpcap and generate replies using
the same library.
But this approach will cause a problem because the kernel will also reply,
so the remote system will receive ARP replies twice.
OK, so the idea was to disable ARP, but then I realized
that I will not be able to query remote systems.
Your input about how to solve this problem is highly appreciated.
Many Thanks,
--
Norman Baz
| |
| Barry Margolin 2007-12-19, 7:27 pm |
| In article <47692136$0$24392$5fc3050@news.tiscali.nl>,
Norman Baz <nospam@nospam.nospam> wrote:
> Hello everybody,
>
> I'm working currently on a little security project,
> that is meant to be portable (at least FreeBSD/Linux).
>
> Could anybody advise me how to achieve the following goal?
> I would like to have a mapping of one IP to one MAC address
> on the same interface.
>
> So basically let's say I have eth0 interface on which I have:
> four real IP addresses (real == visible in ifconfig)
> and three MACs (only one of them can be "real"?!) with such a
> mapping: IP<->MAC
> 1<->A
> 2<->B
> 3<->C
> 4<->C
> Is it somehow possible to achieve such a situation?
>
> My first idea was to construct a database (similar to that above),
> intercept all incoming ARPs using libpcap and generate replies using
> the same library.
> But this approach will cause a problem because the kernel will also reply,
> so the remote system will receive ARP replies twice.
>
> OK, so the idea was to disable ARP, but then I realized
> that I will not be able to query remote systems.
>
> Your input about how to solve this problem is highly appreciated.
Maybe you can use iptables to intercept incoming ARP queries, while
allowing ARP responses to be processed normally.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
| |
| Norman Baz 2007-12-20, 7:21 pm |
| > Maybe you can use iptables to intercept incoming ARP queries, while
> allowing ARP responses to be processed normally.
Hello,
Your suggestion is doable; I'm just wondering if there is a more
portable way of doing such a thing.
Thanks for the reply.
Regards,
--
Norman Baz
| |
| David Schwartz 2007-12-20, 7:21 pm |
| On Dec 19, 5:48 am, Norman Baz <nos...@nospam.nospam> wrote:
> My first idea was to construct a database (similar to that above),
> intercept all incoming ARPs using libpcap and generate replies using
> the same library.
> But this approach will cause a problem because the kernel will also reply,
> so the remote system will receive ARP replies twice.
>
> OK, so the idea was to disable ARP, but then I realized
> that I will not be able to query remote systems.
>
> Your input about how to solve this problem is highly appreciated.
Check out a project called 'arpd'. It's a user-space ARP
implementation. I suspect they have already solved the same problems
you are facing.
DS
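
The table lookup and reply construction described in the first post, as an added example that is not code from any poster in this thread or from arpd. The function name `arp_reply_for`, the 192.0.2.x addresses and the MAC values are assumptions made for illustration; capturing and sending frames with libpcap, and keeping the kernel from answering the same request, are outside this block.

```c
#include <stdint.h>
#include <string.h>

#define FRAME_LEN 42  /* Ethernet header (14) + ARP for IPv4 over Ethernet (28) */

/* Constructed table in the thread's 1<->A, 2<->B, 3<->C, 4<->C shape.
 * The 192.0.2.x addresses and locally administered MACs are assumptions. */
struct arp_map { uint8_t ip[4]; uint8_t mac[6]; };
static const struct arp_map table[] = {
    {{192, 0, 2, 1}, {0x02, 0, 0, 0, 0, 0x0a}},
    {{192, 0, 2, 2}, {0x02, 0, 0, 0, 0, 0x0b}},
    {{192, 0, 2, 3}, {0x02, 0, 0, 0, 0, 0x0c}},
    {{192, 0, 2, 4}, {0x02, 0, 0, 0, 0, 0x0c}},
};

/* If req is an ARP request for a mapped IP, write the reply frame to
 * reply (FRAME_LEN bytes) and return FRAME_LEN; otherwise return 0. */
size_t arp_reply_for(const uint8_t *req, size_t len, uint8_t *reply)
{
    /* htype=Ethernet, ptype=IPv4, hlen=6, plen=4, oper=1 (request) */
    static const uint8_t want[8] = {0, 1, 0x08, 0, 6, 4, 0, 1};

    if (len < FRAME_LEN || req[12] != 0x08 || req[13] != 0x06)
        return 0;                            /* truncated or not ARP */
    if (memcmp(req + 14, want, sizeof want) != 0)
        return 0;                            /* not an IPv4 ARP request */
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (memcmp(req + 38, table[i].ip, 4) != 0)
            continue;                        /* target IP is not this entry */
        memcpy(reply, req + 22, 6);          /* Ethernet dst = asker's MAC */
        memcpy(reply + 6, table[i].mac, 6);  /* Ethernet src = mapped MAC */
        memcpy(reply + 12, req + 12, 8);     /* ethertype, htype, ptype, hlen, plen */
        reply[20] = 0; reply[21] = 2;        /* oper = 2 (reply) */
        memcpy(reply + 22, table[i].mac, 6); /* sender MAC = mapped MAC */
        memcpy(reply + 28, req + 38, 4);     /* sender IP = requested IP */
        memcpy(reply + 32, req + 22, 10);    /* target MAC+IP = asker's MAC+IP */
        return FRAME_LEN;
    }
    return 0;                                /* IP not in table: stay silent */
}

int main(void)
{
    /* Constructed request: 192.0.2.100 (02:00:00:00:00:99) asks for 192.0.2.3 */
    uint8_t out[FRAME_LEN], req[FRAME_LEN] = {
        0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x99, 0x08,0x06, 0,1, 0x08,0, 6,4, 0,1,
        0x02,0,0,0,0,0x99, 192,0,2,100, 0,0,0,0,0,0, 192,0,2,3};
    return arp_reply_for(req, sizeof req, out) == FRAME_LEN ? 0 : 1;
}
```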