RE: [llug-users] Fwd: MAC / IP conflict

From: Wael Ghandour
Date: Sun Mar 21 2004 - 13:17:38 EST

Next message: Roland Dreier: "Re: locking user space memory in kernel"
Previous message: Jörn Engel: "Re: [PATCH] cowlinks v2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jad,

Giving more details about your network topology (switched vs. non-switched, segmentation, e.t.c) would be useful. As a primer, I suggest looking into arpwatch, setting major arp-entries (such as your gateway address) as static, as well as investigating the use of ettercap. If the switches your provider is using on his LAN are manageable, nabbing the culprit will be a piece of cake.

Good luck.

Wael

From: Jad Saklawi <saki@xxxxxxxxxxxxxxxxxxx>
Reply-To: Jad Saklawi <jad@xxxxxxxxxxxx>
To: linux-kernel@xxxxxxxxxxxxxxx
CC: hisham@xxxxxxxxx, llug-users@xxxxxxxxxxxxxxx
Subject: [llug-users] Fwd: MAC / IP conflict
Date: Sun, 21 Mar 2004 07:09:47 +0200
MIME-Version: 1.0
Received: from byblos.greencedars.org ([66.93.193.9]) by mc5-f15.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Sun, 21 Mar 2004 09:13:10 -0800
Received: (qmail 381 invoked by uid 505); 21 Mar 2004 17:22:08 -0000
Received: (qmail 373 invoked from network); 21 Mar 2004 17:22:08 -0000
X-Message-Info: JGTYoYF78jEHjJx36Oi8+YDSEg8qKPPD
Mailing-List: contact llug-users-help@xxxxxxxxxxxxxxx; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Post: <mailto:llug-users@xxxxxxxxxxxxxxx>
List-Help: <mailto:llug-users-help@xxxxxxxxxxxxxxx>
List-Unsubscribe: <mailto:llug-users-unsubscribe@xxxxxxxxxxxxxxx>
List-Subscribe: <mailto:llug-users-subscribe@xxxxxxxxxxxxxxx>
Delivered-To: mailing list llug-users@xxxxxxxxxxxxxxx
Message-ID: <405D239B.30602@xxxxxxxxxxxxxxxxxxx>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031105 Thunderbird/0.3
X-Accept-Language: en-us, en
X-SA-Exim-Mail-From: saki@xxxxxxxxxxxxxxxxxxx
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on calcium.dnsix.com
X-Spam-Level: X-Spam-Status: No, hits=0.4 required=10.0 tests=DATE_IN_PAST_12_24 autolearn=no version=2.63
X-Spam-Report: * 0.4 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
X-SA-Exim-Version: 3.1 (built Thu Oct 23 13:26:47 PDT 2003)
X-SA-Exim-Scanned: Yes
X-uvscan-result: clean (1B56Tx-0003PK-Ei)
Return-Path: llug-users-return-443-waelghandour=msn.com@xxxxxxxxxxxxxxx
X-OriginalArrivalTime: 21 Mar 2004 17:13:11.0151 (UTC) FILETIME=[C998F7F0:01C40F67]

----- Forwarded message from Hisham Mardam Bey -----
Date: Sun, 21 Mar 2004 13:52:59 +0200

In short, I need to detect when someone on the network uses my MAC and
my IP address.

Longer story follows. I am on a LAN which might have some potentially
dangerous users. Those users might spoof my MAC address and additionally
use my IP address, thus forcing my box to go offline, and not be able to
communicate with my gateway. What I need is a passive way to check for
something of the sort, and perhaps a notofication into syslog (the
latter is not very important).

--------------------------------------------------------------
subscribe: llug-users-subscribe@xxxxxxxxxxxxxxx
unsubscribe: llug-users-unsubscribe@xxxxxxxxxxxxxxx
help: llug-users-help@xxxxxxxxxxxxxxx
--------------------------------------------------------------

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Roland Dreier: "Re: locking user space memory in kernel"
Previous message: Jörn Engel: "Re: [PATCH] cowlinks v2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]