LinuxQuestions.org


Tinkster 01-12-2004 09:35 PM

Win98 hi-jacking IP's ...
 
Hi guys,

I've been googling all afternoon, but couldn't
come up with a solution ...

Our boy was mucking around with his windows,
and "hi-jacked" the IP of my workstation... I know
how to use iptables to stop him from going outside
with my IP, but I would like to know how I can
prevent such a thing completely... my NFS connection
broke down after he grabbed my IP.


Cheers,
Tink

chort 01-12-2004 09:48 PM

Well, an OS shouldn't allow you to assign yourself an IP that exists on the local network segment, but it's very possible that Win98 will ignore ARP errors.

The only thing that comes to mind is that you could write a script to automatically add definitions for all your other machines on boot. The following snippet is from the OpenBSD arp(8) man page:
Quote:

ARP(8)              OpenBSD System Manager's Manual              ARP(8)

NAME
     arp - address resolution display and control

SYNOPSIS
     arp [-n] hostname
     arp [-n] -a
     arp -d hostname
     arp -d -a
     arp -s hostname ether_addr [temp | permanent] [pub]
     arp -f filename

DESCRIPTION
     The arp program displays and modifies the Internet-to-Ethernet address
     translation tables used by the address resolution protocol (arp(4)).
     With no flags, the program displays the current ARP entry for hostname.
     The host may be specified by name or by number, using Internet dot
     notation.

     Available options:

     -a      The program displays or deletes all of the current ARP entries.

     -d      A superuser may delete an entry for the host called hostname
             with the -d flag.

             Alternatively, the -d flag may be combined with the -a flag to
             delete all entries, with hostname lookups automatically
             disabled.

     -n      Show network addresses as numbers (normally arp attempts to
             display addresses symbolically).

     -s hostname ether_addr
             Create an ARP entry for the host called hostname with the
             Ethernet address ether_addr. The Ethernet address is given as
             six hex bytes separated by colons. The entry will be static,
             i.e., not time out, unless the word temp is given in the
             command. A static ARP entry can be overwritten by network
             traffic, unless the word permanent is given. If the word pub is
             given, the entry will be ``published''; i.e., this system will
             act as an ARP server, responding to requests for hostname even
             though the host address is not its own. This behavior has
             traditionally been called proxy arp.

     -f      Causes the file filename to be read and multiple entries to be
             set in the ARP tables. Entries in the file should be of the
             form

                   hostname ether_addr [temp | permanent] [pub]

             with argument meanings as given above.

EXAMPLES
     To view the current arp table:

           $ arp -a

     To create a permanent entry (One that cannot be overwritten by other
     network traffic):

           # arp -s 10.0.0.2 00:90:27:bb:cc:dd permanent

...

Edit: this is the last edit, I swear...
So essentially what this is doing is telling all the other hosts to ignore a host that pretends to be something other than it is. Note that you'll have to use arp -s on every host that you want protected.
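
The boot-time script suggested in the reply above could start from something like the following, which is an added example and not part of the original post or of OpenBSD: it turns one shared inventory of address/MAC pairs into the `hostname ether_addr permanent` file format that the quoted man page gives for `arp -f`, refusing malformed or duplicated entries and leaving out the machine's own address. The function names and the sample inventory are hypothetical; only the 10.0.0.2 pair comes from the man page's example.

```shell
#!/bin/sh
# Added example (not from the thread): build an input file for `arp -f`
# from a pinned inventory of "<host-or-ip> <mac>" lines.

# Constructed sample inventory. Addresses and MACs are made up, except the
# 10.0.0.2 pair, which is the man page's own example.
sample_inventory() {
    cat <<'EOF'
# host      mac
10.0.0.1    00:90:27:AA:BB:01
10.0.0.2    00:90:27:bb:cc:dd

10.0.0.3    00:90:27:aa:bb:03
EOF
}

# gen_arp_file <inventory-file-or-> <own-address>
# Prints "<host> <mac> permanent" for every host except <own-address>.
# Exits non-zero if a line is malformed or a host is listed twice, so a
# typo in the inventory never reaches the ARP table silently.
gen_arp_file() {
    awk -v self="$2" '
        BEGIN {
            # six two-digit hex bytes separated by colons (stricter than arp)
            h = "[0-9a-f][0-9a-f]"
            macre = "^" h ":" h ":" h ":" h ":" h ":" h "$"
        }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            host = $1; mac = tolower($2)
            if (NF != 2 || mac !~ macre) {
                print "line " NR ": malformed entry" | "cat 1>&2"
                bad = 1; next
            }
            if (host in seen) {
                print "line " NR ": " host " listed twice" | "cat 1>&2"
                bad = 1; next
            }
            seen[host] = mac
            if (host != self) print host, mac, "permanent"
        }
        END { exit bad + 0 }
    ' "$1"
}

# Demo: the file that the host owning 10.0.0.2 would load at boot.
sample_inventory | gen_arp_file - 10.0.0.2
```

On each protected host the output would be saved and loaded as root with `arp -f filename`. Linux's net-tools `arp` has no `permanent` keyword (entries set there with `-s` are static unless `temp` is given), so the last field would be dropped on those machines.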

