*BSD News Article 86106



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!news.nacamar.de!news.apfel.de!nntp.uio.no!in1.nntp.cais.net!jupiter.dnai.com!news
From: Karl Wiebe <karl@dnai.com>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Ip's and ifconfig
Date: 3 Jan 1997 18:43:08 GMT
Organization: DNAI ( Direct Network Access )
Lines: 26
Message-ID: <5ajjvs$b64@jupiter.dnai.com>
References: <32CCF094.41C67EA6@corpex.com>
NNTP-Posting-Host: sol.dnai.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 1.1N (X11; I; SunOS 4.1.4 sun4m)
X-URL: news:32CCF094.41C67EA6@corpex.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:33538

Neil Fowler Wright <neil@corpex.com> wrote:
>Hi,
>	If we have several machines on our network (i.e. same class C block from
>the same hub and router), all with the clients having root privilege.
>How do we stop a client from allocating the IP number of another client's
>machine, or for that matter any other IP number
>in that Class C block?

This isn't particularly related to FreeBSD, but in the general case, you
can't. Ethernet being a shared medium ( I assume you use Ethernet ), packets
can contain practically anything.

If you have certain "smart" Ethernet hubs, you can set them up to
only accept one specific MAC address on a given port, and you could combine
this with a router ( which could be a FreeBSD box "with benefit of source" )
that refused to honor ARP broadcasts in the normal way, and insisted on its
own mapping. So, if the only way out of that LAN segment was through the
router, this would enforce the correct IP. This is pretty convoluted, though.

--Karl
-- 
        == Karl Wiebe == karl@dnai.com ==         
"Order is a form of repetition compulsion" --Freud
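
Added example, not part of the original post: a small audit that compares the ARP bindings a router has learned against the fixed IP-to-MAC table the reply describes the router insisting on, and reports any address claimed by the wrong machine. The `arp -an`-style lines, the addresses, the interface name and all function names are constructed for illustration.

```python
import re

# Authorized IP -> MAC bindings the router insists on (constructed sample values).
AUTHORIZED = {
    "192.0.2.10": "00:a0:c9:00:00:10",
    "192.0.2.11": "00:a0:c9:00:00:11",
    "192.0.2.12": "00:a0:c9:00:00:12",
}

# Constructed sample in the style of `arp -an` output on a BSD router.
SAMPLE_ARP = """\
? (192.0.2.10) at 0:a0:c9:0:0:10 on ed0 [ethernet]
? (192.0.2.11) at 00:a0:c9:00:00:12 on ed0 [ethernet]
? (192.0.2.12) at 00:a0:c9:00:00:12 on ed0 [ethernet]
? (192.0.2.99) at 00:a0:c9:00:00:10 on ed0 [ethernet]
? (192.0.2.13) at (incomplete) on ed0 [ethernet]
"""

ARP_LINE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})\b", re.I
)

def normalize_mac(mac):
    """Lower-case and zero-pad each octet (older arp output prints 0:a0:c9:...)."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def parse_arp(text):
    """Return (ip, mac) pairs; incomplete entries carry no MAC and are skipped."""
    return [(m.group(1), normalize_mac(m.group(2))) for m in ARP_LINE.finditer(text)]

def audit(observed, authorized):
    """Flag IPs bound to a MAC other than the authorized one, or not assigned at all."""
    findings = []
    # Reverse table: which IP each known machine is supposed to be using.
    owner_of = {normalize_mac(mac): ip for ip, mac in authorized.items()}
    for ip, mac in observed:
        expected = authorized.get(ip)
        if expected is None:
            findings.append(("unassigned-ip", ip, mac, owner_of.get(mac)))
        elif normalize_mac(expected) != mac:
            findings.append(("wrong-mac", ip, mac, owner_of.get(mac)))
    return findings

if __name__ == "__main__":
    for kind, ip, mac, assigned in audit(parse_arp(SAMPLE_ARP), AUTHORIZED):
        print(f"{kind}: {ip} claimed by {mac} (assigned address: {assigned or 'none'})")
```

The fourth field of each finding is the address that machine was actually assigned, which identifies the host to follow up with when the MAC is a known one.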