|
|
ru.nethack- RU.NETHACK ------------------------------------------------------------------- From : Ilya Teterin 2:5020/400 18 Nov 2002 22:07:21 To : Sergey Ternovykh Subject : sniffer -------------------------------------------------------------------------------- Mon Nov 18 2002 20:50, Sergey Ternovykh wrote to Ilya Teterin: IT>> /me запостил недавно в багтрак ссылку на фичу, чтобы хада не только IT>> поймать, но и обломать. ST> А сюда запости? Так постил уже :) Вот что было в багреке: Here is a patch http://securitylab.ru/_tools/antidote2.diff.gz for linux kernel (2.4.18 and .19 tested) to resisting ARP spoofing. If applied, it brings a new sysctl parameter: net.ipv4.neigh.<interface name>.arp_antidote that defines kernel behaviour when changes in correspondence between MAC and IP are detected. Parameter value 0 corresponds standart behaviour, ARP cache will be silently updated. Value=1..3 corresponds "verification" behaviour. Kernel will send ARP request to test if there is a host at "old" MAC address. If such response received it lets us know than one IP pretends to have several MAC addresses at one moment, that probably caused by ARP spoof attack. Value=1 - just report attack and ignore spoofing attempt. Value=2 - ARP cache record will be marked as "static" to prevent attacks in future. Value=3 - ARP cache record will be marked as "banned", no data will be delivered to attacked IP anymore, untill system administrator unban ARP record updating it manually. - --- buggzy --- ifmail v.2.15dev5 * Origin: FidoNet Online - http://www.fido-online.com (2:5020/400) Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
Архивное /ru.nethack/16679add311be.html, оценка из 5, голосов 10
|