Topic: Static ARP  (Read 2875 times)
« on: July 19, 2010, 02:51:19 »
momothefox *
Posts: 49

I hope m0n0wall gets to the fact that the ARP table is not protected unless we use static permanent entries. I have seen it in pfSense, on the DHCP server page:
a check box lets the system write the DHCP reservations into the ARP table.

Best regards,
Mohammed Ismail
« Last Edit: August 03, 2010, 03:54:18 by momothefox »

Mohammed Ismail
« Reply #1 on: August 03, 2010, 04:08:47 »
momothefox *
Posts: 49

I was able to do this by editing the XML config file manually and using arp -f /var/db/cpelements/arp.txt
But it is critical to the security of m0n0wall in dynamic networks, where the clients are not controlled by a network administrator.
Somehow, when a network spoof is started, some worms fake the MAC of the spoofing machine, so the logs that come in the system page are false, with the fake MAC address that is being written to the clients. This is the opposite when using a static ARP table:
it shows the real MAC of the attacker, warning about an attempt to modify a permanent entry. So it helps in detecting the attacker without any external network analyzers.
Though I am facing a problem with DHCP: after editing the DHCP reservations I have to edit my file, then upload it to the file manager, and then run a command from exec.php to re-read the file as the ARP table. This process is long, although it could be done automatically after every edit in the DHCP server reservations or lease file.
This is going to be a big thing to be added; I hope there is time for that. Or it might get ported from pfSense, if it could be.
Regards
Mohammed

Mohammed Ismail
« Reply #2 on: August 15, 2010, 15:54:21 »
momothefox *
Posts: 49

Quote
function interfaces_staticarp_configure($if) {
    global $config, $g;
    if (isset($config['system']['developerspew'])) {
        $mt = microtime();
        echo "interfaces_staticarp_configure($if) being called $mt\n";
    }

    $ifcfg = $config['interfaces'][$if];

    /* Enable staticarp, if enabled */
    if (isset($config['dhcpd'][$if]['staticarp'])) {
        /* Static ARP mode: the interface answers ARP requests but never sends any */
        mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " staticarp ");
        /* Flush the existing ARP table before loading the static entries */
        mwexec("/usr/sbin/arp -ad > /dev/null 2>&1 ");
        if (is_array($config['dhcpd'][$if]['staticmap'])) {
            /* One static ARP entry per DHCP reservation */
            foreach ($config['dhcpd'][$if]['staticmap'] as $arpent) {
                mwexec("/usr/sbin/arp -s " . escapeshellarg($arpent['ipaddr']) . " " . escapeshellarg($arpent['mac']));
            }
        }
    } else {
        /* Static ARP not enabled: return to dynamic ARP and flush the table */
        mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " -staticarp ");
        mwexec("/usr/sbin/arp -da > /dev/null 2>&1 ");
    }

    return 0;
}

Could this be ported from pfSense to m0n0wall?
Thanks

Mohammed Ismail
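
As an added example (not part of the original thread, and not m0n0wall or pfSense code): one way to shorten the manual process described in Reply #1 is to generate the arp -f file from the DHCP reservations in an exported config, rejecting entries that should not be pinned. The XML layout (dhcpd/<interface>/staticmap with mac and ipaddr) is assumed from the array keys in the quoted function, and the sample config is constructed.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample; element names mirror the array keys in the quoted function.
SAMPLE_CONFIG = """<m0n0wall><dhcpd><lan>
  <staticmap><mac>00:11:22:33:44:55</mac><ipaddr>192.168.1.10</ipaddr></staticmap>
  <staticmap><mac>00-11-22-33-44-66</mac><ipaddr>192.168.1.11</ipaddr></staticmap>
  <staticmap><mac>00:11:22:33:44:77</mac></staticmap>
  <staticmap><mac>00:11:22:33:44:88</mac><ipaddr>192.168.1.10</ipaddr></staticmap>
  <staticmap><mac>zz:11:22:33:44:99</mac><ipaddr>192.168.1.12</ipaddr></staticmap>
</lan></dhcpd></m0n0wall>"""


def static_arp_entries(config_xml, iface="lan"):
    """Return (entries, rejected); entries maps IP -> MAC for usable reservations."""
    root = ET.fromstring(config_xml)
    entries, rejected = {}, []
    for sm in root.findall(f"./dhcpd/{iface}/staticmap"):
        ip = (sm.findtext("ipaddr") or "").strip()
        mac = (sm.findtext("mac") or "").strip().lower().replace("-", ":")
        if not ip:
            # A reservation without a fixed address cannot become an ARP entry.
            rejected.append((ip, mac, "no ipaddr"))
            continue
        try:
            ip = str(ipaddress.IPv4Address(ip))
        except ValueError:
            rejected.append((ip, mac, "bad ipaddr"))
            continue
        if not MAC_RE.match(mac):
            rejected.append((ip, mac, "bad mac"))
        elif entries.get(ip, mac) != mac:
            # Two reservations claim one IP: keep the first, flag the later one.
            rejected.append((ip, mac, "conflicting mac"))
        else:
            entries[ip] = mac
    return entries, rejected


def arp_file(entries):
    """Render entries as 'host ether_addr' lines, the format arp -f reads."""
    ordered = sorted(entries.items(), key=lambda kv: ipaddress.IPv4Address(kv[0]))
    return "".join(f"{ip} {mac}\n" for ip, mac in ordered)


if __name__ == "__main__":
    ok, bad = static_arp_entries(SAMPLE_CONFIG)
    print(arp_file(ok), end="")
    for ip, mac, why in bad:
        print(f"# skipped {ip or '-'} {mac}: {why}")
```

The rejected list is worth reviewing before loading the file, since a conflicting or malformed reservation would otherwise pin the wrong MAC permanently.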
 