I'm running Linux and I know my gateway will always be 192.168.1.254 with MAC address aa:aa:aa:aa:aa:aa.

Is there any way I can instruct my machine to only ever use this MAC address for the gateway and ignore all ARP responses for this IP address?

Scott Pack
user164384
  • Ignoring all ARP packets to prevent ARP poisoning is like amputating your head to prevent tongue cancer. – HopelessN00b Mar 13 '13 at 14:59
  • That will not prevent ARP spoofing altogether. – MDMoore313 Mar 13 '13 at 15:00
  • @HopelessN00b He doesn't want to cut his head, but his tongue. He only wants to ignore ARP packets for the _tongue_. Also, he seems to have no use for the _tongue_ at all. – Lukas Mar 13 '13 at 15:51
  • @Lukas In the first 2 question revisions, there was an explicit question about ignoring "all ARP packets," hence the comment about cranial amputation. – HopelessN00b Mar 13 '13 at 18:58

2 Answers

You can use arp to control the ARP tables.

arp -s 192.168.1.254 aa:aa:aa:aa:aa:aa

will statically map the IP to the MAC, bypassing ARP, and should do the trick.

gparent
  • Thank you, this seems to be exactly what I'm looking for. – user164384 Mar 13 '13 at 15:31
  • @user164384: This is exactly what you want. In a highly locked down environment you want to use static ARP entries for any kind of infrastructure equipment. Be aware that this won't *prevent* spoofing, but it goes a long way towards mitigating classic ARP poisoning MitM attacks. – Scott Pack Mar 13 '13 at 15:39

ARP has to do with Ethernet<->IP mapping, not default gateway setting.

After you set up a static network address/gateway (link), you can add a static ARP entry for your gateway (link):

arp -i <your interface> -s <ip.of.the.gateway> <mac:of:the:gateway>
arp -i eth0 -s 192.168.1.254 aa:aa:aa:aa:aa:aa
mulaz
  • We really do prefer that answers have content, not pointers to content. This may theoretically answer the question; however, it would be preferable to include the essential parts of the answer here, and provide the link for reference. – Chris S Mar 13 '13 at 15:44
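
Added example, not part of the original answers: a check that the static entry created by the `arp -s` commands above is actually in place, by confirming the gateway's neighbour entry carries the expected MAC and is in the `PERMANENT` state that `ip neigh show` reports for static entries. The function name, status strings and sample tables are constructed for illustration; the IP and MAC are the ones from the question.

```shell
#!/bin/sh
# Check that the gateway's neighbour entry is the pinned one from `arp -s`.
GATEWAY_IP="192.168.1.254"        # gateway IP from the question
GATEWAY_MAC="aa:aa:aa:aa:aa:aa"   # gateway MAC from the question

# check_gateway_entry IP MAC   (reads `ip neigh show` output on stdin)
# Prints OK, NOT_STATIC, MAC_MISMATCH or MISSING (hypothetical status names).
check_gateway_entry() {
    awk -v ip="$1" -v mac="$2" '
        $1 == ip {
            lladdr = ""
            for (i = 2; i < NF; i++) if ($i == "lladdr") lladdr = $(i + 1)
            if (lladdr == "")                         result = "MISSING"
            else if (tolower(lladdr) != tolower(mac)) result = "MAC_MISMATCH"
            else if ($NF != "PERMANENT")              result = "NOT_STATIC"
            else                                      result = "OK"
            exit
        }
        END { print (result == "" ? "MISSING" : result) }
    '
}

# Constructed sample tables in `ip neigh show` format (not captured output).
# Pinned: static entry present, as expected after `arp -s`.
SAMPLE_PINNED='192.168.1.17 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.254 dev eth0 lladdr aa:aa:aa:aa:aa:aa PERMANENT'
# Learned: right MAC, but learned via ARP, so it can still be overwritten.
SAMPLE_LEARNED='192.168.1.254 dev eth0 lladdr aa:aa:aa:aa:aa:aa REACHABLE'
# Changed: the gateway IP now maps to a different MAC.
SAMPLE_CHANGED='192.168.1.254 dev eth0 lladdr 52:54:00:12:34:56 STALE'

if [ "${1:-}" = "--live" ]; then
    # Live mode: inspect this host's real neighbour table.
    status=$(ip neigh show | check_gateway_entry "$GATEWAY_IP" "$GATEWAY_MAC")
    echo "gateway $GATEWAY_IP: $status"
    [ "$status" = "OK" ] || exit 1
else
    # Default: run against the constructed samples so the script works offline.
    for sample in "$SAMPLE_PINNED" "$SAMPLE_LEARNED" "$SAMPLE_CHANGED"; do
        printf '%s\n' "$sample" | check_gateway_entry "$GATEWAY_IP" "$GATEWAY_MAC"
    done
fi
```

Entries added with `arp -s` are not kept across a reboot, so a check like this is worth running after the interface comes up.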