Re: arp problem

From: Akatosh (akatosh@rains.net)
Date: 04/23/02


Date: Tue, 23 Apr 2002 11:07:55 -0400 (EDT)
From: Akatosh <akatosh@rains.net>
To: Bartłomiej Konarski <bartek@pjwstk.edu.pl>


This comes up every year or so on some list or another.

Linux will send traffic for any of its addresses through any interface.
This is allowed in RFC 1122 section 3.3.4.2. You can change this behavior
by doing this:

echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/eth0/hidden
echo 1 > /proc/sys/net/ipv4/conf/eth1/hidden

On Sun, 21 Apr 2002, Bartłomiej Konarski wrote:

> Hi,
>
> I have a small problem.
> Situation:
> We have a Linux box running kernel 2.4 with 2 NICs.
> Let's assume that
> eth0 IP 10.1.1.1/8 MAC 11:11:11:11:11:11,
> eth1 IP 192.168.0.1/24 MAC 22:22:22:22:22:22
>
> We can even safely set the eth1 interface down, remove a patchcord from
> this interface or it can be dummy0 interface.
>
> On the second machine from network 10.0.0.0 (in our case 10.2.2.2) we try:
> # arping 192.168.0.1
> and we got the reply:
> Unicast reply from 192.168.0.1 [11:11:11:11:11:11] 0.765ms
>
> Looks strange - there is no proxy-arp turned on on any of the interfaces.
>
> What can we do with this knowledge? For example we can try to find
> suspected masquerade machines in our network.
> It is also very easy to scan for private networks behind the suspected
> machines.
>
> We tried this under Linux kernel 2.4.
> This technique didn't work with a multihomed MS-Windows machine.
> It didn't work on a Cisco 2500 series either.
>
> The questions are:
> How to turn this off?
> Is it only a feature of the kernel series 2.4?
>
>
>

-- 
Edward Fahner
Systems Administrator, Planet Communications Network
(540) 442-6677 x222 [aka. Akatosh  .CU.Au, akatosh@rains.net]
DC2.DwGmL--WT--SksCre+\Cvi+BflA(+r-v+++)NaM++H++$FoR+Ac+++!J+S+U-I--#V+++Q+Tc++E--
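
A way to verify that the settings in the message above took effect, as an added example that is not part of the original message: it reads the `hidden` entries the message writes to and flags every interface where the entry is missing or not 1. The function names and the optional root-directory argument are this example's own, and counting an interface as covered only when both `all` and its own entry are 1 is an assumption taken from the message setting both.

```shell
#!/bin/sh
# Added example: audit the "hidden" flag that the message sets with echo.
# Usage after sourcing: arp_hidden_audit            (reads /proc)
#                       arp_hidden_audit /some/dir  (reads a copy or test tree)

# hidden_state DIR -> prints the flag value, or "absent" if DIR/hidden
# does not exist (the running kernel does not expose the entry).
hidden_state() {
    if [ -r "$1/hidden" ]; then
        tr -d ' \n' < "$1/hidden"
    else
        echo absent
    fi
}

# arp_hidden_audit [CONF_ROOT]
# Prints "all <state>" and then "<iface> <state> <verdict>" per interface.
# Returns 0 only if "all" and every listed interface report hidden=1.
arp_hidden_audit() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    all=$(hidden_state "$root/all")
    [ "$all" = 1 ] || rc=1
    echo "all $all"
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, "lo" never answers on the wire.
        case $iface in all|default|lo) continue ;; esac
        state=$(hidden_state "$dir")
        # Assumption of this example: both switches must be 1.
        if [ "$all" = 1 ] && [ "$state" = 1 ]; then
            verdict=hidden
        else
            verdict=exposed
            rc=1
        fi
        echo "$iface $state $verdict"
    done
    return $rc
}
```

A non-zero return with `absent` in the output means the `echo` commands had nothing to write to on that kernel, so the ARP behavior described in the quoted message is unchanged.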


