Find the answer to your Linux question:
Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Securing network with static arp

    Hi guys. I am trying to secure my LAN a little by doing static arp entries. But I am not sure how to go about doing this... I have a gateway, and I have a seperate box that runs dhcpd. I would like to assign every machine an ip and only allow it to use that ip, therefore static dhcp entries, and static arp entries on the gateway.
    1. But how do I prevent someone from picking an ip that nobody is using and assigning it manually?
    2. I assigned a static arp entry by doing arp -i br0 -s 00:1F:E1:CC:2E:46, how do I remove it now? I used arp -d but now it just says:
    ? ( at <incomplete> on br0
    3. I would also like each machine to have a hostname/dns.. like machinex.local, where I can do forward and reverse dns lookups, how do I config this?
    4. I know static arp can be fooled if someone just clones an allow mac.. is there anything else that I could use that is more secure for wired lan?
    5. I have my gateway running rflow sending all data to ntop running on my dhcp box.. Ntop is kinda cryptic, is there anything easier to use? or something that is better in features? I would like to see how much bandwidth each local ip is using and possibly what protocols, like ntop already shows.

  2. #2
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Revisit this:

    IEEE 802.1X - Wikipedia, the free encyclopedia

    EAP/PEAP protocols may do the job. Basically they let users authenticate with their realm on a radius server, which in turn gives them - and only them - the credentials to communicate with the network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts