Subject: Re: arp addresses, hostname faking
To: Andrew Wheadon <andrew@wipux2.wifo.uni-mannheim.de>
From: Darren Reed <darrenr@vitruvius.arbld.unimelb.edu.au>
List: current-users
Date: 07/23/1995 16:11:47
In some email I received from Andrew Wheadon, sie wrote:
> 
> How can I have entrys in /etc/exports for a specific
> host and make it impossible for another host to fake
> it's address:
> i.e.
> /etc/exports.on.wipux2
> 	/src3	-alldirs -maproot=nobody 134.155.59.62
> 
> I then added the arp-address of 134.155.59.62 to /etc/arp.n
> /etc/arp.n.on.wipux2
> 	134.155.59.62	00:00:c0:bf:43:af
> and run
> 	arp -f /etc/arp.n
> but when I take a different machine and put
> 	134.155.59.62
> in it's /etc/hostname.ed0.on.bad.machine, then all I get on the wipux2
> 	arp info overwritten for 869b3b3e by 00:00:c0:bf:43:a0
> 
> Is there a way to make NetBSD not accept changes to
> the arp table ? Or is there a better way to make it 
> secure against spoofing the ip-address.

You're assuming that a host can't change its ethernet address (which it
can).  eg "ifconfig le0 ether a:b:c:d:e:f".

darren