I used to have all MAC addresses in the ARP table the same.
I used Wireshark and saw those ARP packets poisoning everything.
Then I started using the DHCP server and collected a table of all clients
connected to the m0n0wall.
After that I had an arp.txt file uploaded in the file manager,
and in config.xml a command to be executed at every startup to have arp.txt
as the static ARP table.
After that the logging changed.
It tells me that kernel : arp : MAC address attempts to modify permanent
entry for x.x.x.x 00:00:00:00:00:00
It gives me the spoofer's MAC address.
Now I could look up the MAC in my DHCP static leases to know the spoofer, but
the spoofer could change his MAC every minute :) and use a fake one, so I
could not catch him unless I started unplugging cables, which is near
impossible because of switching, it is like 20 switches in 20 different
100 client network sharing 2Mb/s ADSL 1/4 Line each have 256/64 kb/s down/up
speed and using 1.3b13 working smoothly.
Only ARP thing
After static ARP the server is protected, but clients are not.
From: Steve Bertrand [mailto:steve at ibctech dot ca]
Sent: Friday, May 01, 2009 7:18 AM
To: Mohammed Ismail
Cc: 'Lee Sharp'; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)
Mohammed Ismail wrote:
> You miss the point; they do it on regular switched Ethernet,
> just the cheapest switches, and clients are not seeing each other.
> I really cannot change from m0n0wall, I am already using it for more than
> years, and my clients are satisfied with fascinating easy web interface,
Do all of your users connect with Ethernet cable, like this?:
      | switch |
       |  |  |
      /   |   \
     |    |    |
  client  |  client
> I might migrate to pfSense, but nothing really much there, I look to
> m0n0wall as the standard for me all what I need is in one small image,
> In other way, I believe there will be a solution or semi-solution on
You don't want users to get the default gateway, if they are not
allowed. Is that right?
Is that all you want to stop from happening?
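
The lookup described in the first message above (kernel "attempts to modify permanent entry" lines checked against the known client table) can be automated. The following is an added example, not code from the thread or from m0n0wall. It assumes a two-column "ip mac" layout for arp.txt and a syslog line layout matching the message quoted in the post; all sample addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample data: every address and MAC below is made up.
ARP_TXT = """\
192.168.1.1  00:0d:b9:aa:bb:01
192.168.1.20 00:16:36:aa:bb:20
192.168.1.21 00:16:36:aa:bb:21
"""
SYSLOG = """\
May  1 07:01:10 kernel: arp: 00:16:36:aa:bb:21 attempts to modify permanent entry for 192.168.1.1 on fxp0
May  1 07:02:11 kernel: arp: 02:de:ad:00:00:01 attempts to modify permanent entry for 192.168.1.1 on fxp0
May  1 07:03:12 kernel: arp: 02:de:ad:00:00:02 attempts to modify permanent entry for 192.168.1.20 on fxp0
May  1 07:03:40 kernel: arp: 00:16:36:AA:BB:21 attempts to modify permanent entry for 192.168.1.1 on fxp0
"""

# Assumed line layout: "arp: <mac> attempts to modify permanent entry for <ip> ..."
LINE = re.compile(
    r"arp\s*:\s*(?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})\s+attempts to modify "
    r"permanent entry for\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})", re.IGNORECASE)

def norm(mac):
    """Lower-case and zero-pad each octet so 0:D:B9 and 00:0d:b9 compare equal."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def load_table(text):
    """Return {mac: ip} from 'ip mac' lines, ignoring blanks and # comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table[norm(fields[1])] = fields[0]
    return table

def summarize(log_text, table):
    """Per claimed MAC: registered IP (None if unknown), targeted IPs, hit count."""
    report = defaultdict(lambda: {"owner": None, "targets": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            entry = report[norm(m["mac"])]
            entry["owner"] = table.get(norm(m["mac"]))
            entry["targets"].add(m["ip"])
            entry["count"] += 1
    return dict(report)

def unregistered(report):
    """MACs never seen in the table: likely forged or randomized source addresses."""
    return sorted(mac for mac, e in report.items() if e["owner"] is None)
```

A MAC that maps to a registered client points at a machine to inspect; a stream of unregistered MACs is the rotating-address case the post describes, where the log alone cannot identify the sender.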