permanent ARP entry / diskless reboot

2007-12-25 8:34:00

First question was:

>I want to secure my network: now students want to plug PC
>with Linux on Ethernet... Of course, they can spy
>Ethernet.
>Another trick is to act as an already existing host:
>on the PC you set up the good IP address, and then you
>gain a lot of access through NFS exports on the server:
>like reading anyone's files. To protect from this, I wanted to
>use explicit ARP tables.
>
>Unfortunately when a diskless station reboots, the status
>of the entry in the arp table changed from 'permanent'
>to normal status.
>1. Is there any way to have really permanent entries?

I talked with the (French) Hot Line. They told me that there's
the bug I described but gave no solution. They told me about
workarounds. Now every 5 minutes, I reload the ARP table.

But this method is not a method:

- every host that can use DECNET (DEC, Sun) has to control
the Ethernet address by software. DECNET addresses are
Ethernet addresses, and you want to choose your DECNET
address.
- on PC, hardware just sets up a default Ethernet address.
Afterwards, software can control the Ethernet address.

>2. How do other sites handle PC on Ethernet? Do we have to stop
>using NFS, NIS, and so on?

a) Use secure RPC.

b) Use Kerberos. Then any important information is encrypted.
But what do you do with X-terminals, with Eudora on PC
and Mac? Is there a kerberised Eudora?

c) About the problem of spying on Ethernet: use "switched Ethernet"
(Kalpana, Alantec, or Artel) or a "switching UTP hub".
Unfortunately there's no key on Ethernet cable, on plugs, ...:
so you can remove the cable from a running station,
and act as the station with a PC...

Thanks to:

        bartz@dadd.ti.com (Carl Bartz)
        Dan Stromberg - OAC-DCS <strombrg@hydra.acs.uci.edu>
        lemke@MITL.Research.Panasonic.COM (Kennedy Lemke)
        jason andrade <jason@pest.ctpm.uq.oz.au>
        led@abend.cc.purdue.edu (Lew Doll)
        blymn@mulga.awadi.com.AU (Brett Lymn)
        rlyle@nl.oracle.com (Rob Lyle UNIX Sys Admin)
        Mike Raffety <miker@il.us.swissbank.com>
        Lawson A S <tony@essex.ac.uk>
        birger@vest.sdata.no (Birger A. Wathne)
        peterg@murphy.com (Peter Gutmann)

Jacques Beigbeder                    | Internet: beig@ens.fr
Service de Prestations Informatiques |
Ecole Normale Superieure             |
45 rue d'Ulm                         | Tel : (33-1) 44-32-37-96
F75230 Paris Cedex 05                | Fax : (33-1) 44-32-20-80
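The "reload the ARP table every 5 minutes" workaround above only protects you as long as somebody notices when an entry has silently fallen back from permanent to a normal, overwritable one, or when the cache now holds a different hardware address for a protected host. The script below is an added example, written for this page; it is not code from the original post or from any of the people thanked above. It assumes `arp -an` output in the Linux/BSD style shown in the comment (SunOS 4 prints the word `permanent` instead of `PERM`, which the check also accepts), the expected table and the ARP dump are constructed sample data, and `arp -s <ip> <mac>` is the standard command for installing a permanent entry.

```shell
#!/bin/sh
# Added example, not from the original post. Compares the ARP cache (as
# printed by "arp -an") against a table of entries that are supposed to be
# permanent, and reports entries that are missing, no longer permanent, or
# now resolve to a different hardware address. Meant to run from the same
# cron job that reloads the table, with its output logged.
#
# Assumed input format (Linux/BSD "arp -an" style; SunOS 4 prints the word
# "permanent" instead of "PERM", which the check below also accepts):
#   ? (10.0.0.5) at 08:00:20:aa:bb:cc [ether] PERM on le0

# Constructed sample: the hosts that must have permanent entries (IP MAC).
EXPECTED='10.0.0.5 08:00:20:aa:bb:cc
10.0.0.6 08:00:20:aa:bb:dd
10.0.0.7 08:00:20:aa:bb:ee
10.0.0.8 08:00:20:aa:bb:ff'

# Constructed sample of "arp -an" output after a diskless station rebooted:
# .5 is fine, .6 lost its permanent flag, .7 now answers from a different
# hardware address, and .8 has disappeared from the cache altogether.
ARP_DUMP='? (10.0.0.5) at 08:00:20:aa:bb:cc [ether] PERM on le0
? (10.0.0.6) at 08:00:20:aa:bb:dd [ether] on le0
? (10.0.0.7) at 00:00:c0:12:34:56 [ether] PERM on le0'

# check_arp EXPECTED_TABLE ARP_OUTPUT
# Prints one line per problem: "<ip> missing|not-permanent|mac-mismatch ...".
check_arp() {
    printf '%s\n' "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        # Matching "(ip)" with the parentheses keeps 10.0.0.5 from
        # matching 10.0.0.50.
        line=$(printf '%s\n' "$2" | grep -F "($ip)" || true)
        if [ -z "$line" ]; then
            echo "$ip missing"
            continue
        fi
        # The hardware address is the word after "at"; compare lowercased.
        seen=$(printf '%s\n' "$line" |
               awk '{ for (i = 1; i <= NF; i++) if ($i == "at") print tolower($(i+1)) }')
        want=$(printf '%s' "$mac" | tr 'A-Z' 'a-z')
        [ "$seen" = "$want" ] || echo "$ip mac-mismatch expected=$want seen=$seen"
        case "$line" in
            *PERM*|*permanent*) ;;
            *) echo "$ip not-permanent" ;;
        esac
    done
}

# arp_problem_count EXPECTED_TABLE ARP_OUTPUT: number of problem lines found.
arp_problem_count() {
    check_arp "$1" "$2" | wc -l | tr -d ' '
}

# reload_commands EXPECTED_TABLE: prints the "arp -s" commands that reinstall
# every expected entry as permanent (pipe into sh as root to apply them).
reload_commands() {
    printf '%s\n' "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        echo "arp -s $ip $mac"
    done
}

# Stand-alone run on the constructed sample: lists the three problems.
check_arp "$EXPECTED" "$ARP_DUMP"
```

On a live system replace the constructed `ARP_DUMP` with `"$(arp -an)"`; an entry reported as `not-permanent` or `mac-mismatch` right after a diskless station rebooted is exactly the symptom described in the question, and `mac-mismatch` on a host that did not reboot is worth looking at before the next reload quietly overwrites the evidence.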
