Re: [gentoo-user] arp question - gentoo-user - Gentoo Mailing List Archives

From:	lee <lee@××××××××.de>
To:	gentoo-user@l.g.o
Subject:	Re: [gentoo-user] arp question
Date:	Sat, 26 Dec 2015 05:00:42
Message-Id:	`87vb7lu8gm.fsf@heimdali.yagibdah.de`
In Reply to:	Re: [gentoo-user] arp question by Adam Carter

1

Adam Carter <adamcarter3@×××××.com> writes:

2

3

>>

4

>> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf

5

>> enp2s0

6

>> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf

7

>> enp1s0

8

>> spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8 [ether] auf enp2s0

9

>> spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8 [ether] auf enp1s0

10

>>

11

>>

12

>> enp2s0 is an interface dedicated to a PPPoE connection, and enp1s0

13

>> connects to the LAN.

14

>>

15

>> IIUC, this is bound to cause problems.

16

>>

17

>> How is it possible for the wrong entries to be created, and what can I

18

>> do to prevent them?

19

>>

20

>>

21

> arp mappings are untrusted so your machine will accept anything is sees on

22

> the network. That's what makes MITM so easy on a connected subnet. What

23

> makes you think they are wrong?

24

25

They are wrong because there is no way for network traffic from the

26

devices on the LAN to make it to the interface enp2s0.  Or, if they do

27

make it there, then there is something else seriously wrong.

28

29

> Also, the output of ifconfig would be helpful.

30

31

32

,----

33

| heimdali ~ # ifconfig -a

34

| br_dmz: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500

35

|         inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255

36

|         inet6 fe80::5cce:2bff:fedc:dce0  prefixlen 64  scopeid 0x20<link>

37

|         ether fe:18:b0:e9:78:47  txqueuelen 0  (Ethernet)

38

|         RX packets 5124752  bytes 3554838408 (3.3 GiB)

39

|         RX errors 0  dropped 0  overruns 0  frame 0

40

|         TX packets 5080086  bytes 3508269156 (3.2 GiB)

41

|         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

42

|

43

| enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

44

|         inet 192.168.3.20  netmask 255.255.255.0  broadcast 192.168.3.255

45

|         inet6 fe80::7aac:c0ff:fe3c:2dc8  prefixlen 64  scopeid 0x20<link>

46

|         ether 78:ac:c0:3c:2d:c8  txqueuelen 1000  (Ethernet)

47

|         RX packets 998350  bytes 217325937 (207.2 MiB)

48

|         RX errors 0  dropped 7332  overruns 0  frame 0

49

|         TX packets 965281  bytes 274572349 (261.8 MiB)

50

|         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

51

|         device interrupt 17  

52

|

53

| enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

54

|         inet 185.55.75.245  netmask 255.255.255.255  broadcast 185.55.75.245

55

|         inet6 fe80::7aac:c0ff:fe3c:2dc9  prefixlen 64  scopeid 0x20<link>

56

|         ether 78:ac:c0:3c:2d:c9  txqueuelen 1000  (Ethernet)

57

|         RX packets 5157535  bytes 4875664995 (4.5 GiB)

58

|         RX errors 0  dropped 0  overruns 0  frame 0

59

|         TX packets 3377329  bytes 413568759 (394.4 MiB)

60

|         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

61

|         device interrupt 16  

62

|

63

| lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

64

|         inet 127.0.0.1  netmask 255.0.0.0

65

|         inet6 ::1  prefixlen 128  scopeid 0x10<host>

66

|         loop  txqueuelen 0  (Lokale Schleife)

67

|         RX packets 276299  bytes 78159006 (74.5 MiB)

68

|         RX errors 0  dropped 0  overruns 0  frame 0

69

|         TX packets 276299  bytes 78159006 (74.5 MiB)

70

|         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

71

|

72

| ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1492

73

|         inet 185.55.75.245  netmask 255.255.255.255  destination 192.168.75.1

74

|         ppp  txqueuelen 3  (Punkt-zu-Punkt Verbindung)

75

|         RX packets 7250  bytes 3180943 (3.0 MiB)

76

|         RX errors 0  dropped 0  overruns 0  frame 0

77

|         TX packets 6123  bytes 711342 (694.6 KiB)

78

|         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

79

|

80

| veth5CBR3D: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

81

|         inet6 fe80::fc18:b0ff:fee9:7847  prefixlen 64  scopeid 0x20<link>

82

|         ether fe:18:b0:e9:78:47  txqueuelen 1000  (Ethernet)

83

|         RX packets 5077428  bytes 3616056439 (3.3 GiB)

84

|         RX errors 0  dropped 0  overruns 0  frame 0

85

|         TX packets 5031817  bytes 3495334672 (3.2 GiB)

86

|         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

87

|

88

| vethYXJVKH: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

89

|         inet6 fe80::fcd0:65ff:fec5:7b44  prefixlen 64  scopeid 0x20<link>

90

|         ether fe:d0:65:c5:7b:44  txqueuelen 1000  (Ethernet)

91

|         RX packets 47324  bytes 10528497 (10.0 MiB)

92

|         RX errors 0  dropped 0  overruns 0  frame 0

93

|         TX packets 48502  bytes 13062823 (12.4 MiB)

94

|         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

95

|

96

| heimdali ~ # brctl show

97

| bridge name     bridge id               STP enabled     interfaces

98

| br_dmz          8000.fe18b0e97847       no              veth5CBR3D

99

|                                                         vethYXJVKH

100

| heimdali ~ # route -n

101

| Kernel IP Routentabelle

102

| Ziel            Router          Genmask         Flags Metric Ref    Use Iface

103

| 0.0.0.0         192.168.75.1    0.0.0.0         UG    4005   0        0 ppp0

104

| 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

105

| 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br_dmz

106

| 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 enp1s0

107

| 192.168.3.80    0.0.0.0         255.255.255.255 UH    0      0        0 enp1s0

108

| 192.168.3.81    0.0.0.0         255.255.255.255 UH    0      0        0 enp1s0

109

| 192.168.75.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

110

| heimdali ~ # 

111

`----

112

113

114

Even after adding the static routes and creating firewall rules to drop

115

all traffic from the devices to the internet, their arp entries continue

116

to be renewed.  How is that possible?

Gentoo Archives: gentoo-user

Replies

1	Adam Carter <adamcarter3@×××××.com> writes:
2
3	>>
4	>> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf
5	>> enp2s0
6	>> grandstream.yagibdah.de (192.168.3.80) auf 00:0b:82:16:ed:9e [ether] auf
7	>> enp1s0
8	>> spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8 [ether] auf enp2s0
9	>> spa.yagibdah.de (192.168.3.81) auf 88:75:56:07:44:c8 [ether] auf enp1s0
10	>>
11	>>
12	>> enp2s0 is an interface dedicated to a PPPoE connection, and enp1s0
13	>> connects to the LAN.
14	>>
15	>> IIUC, this is bound to cause problems.
16	>>
17	>> How is it possible for the wrong entries to be created, and what can I
18	>> do to prevent them?
19	>>
20	>>
21	> arp mappings are untrusted so your machine will accept anything is sees on
22	> the network. That's what makes MITM so easy on a connected subnet. What
23	> makes you think they are wrong?
24
25	They are wrong because there is no way for network traffic from the
26	devices on the LAN to make it to the interface enp2s0. Or, if they do
27	make it there, then there is something else seriously wrong.
28
29	> Also, the output of ifconfig would be helpful.
30
31
32	,----
33	\| heimdali ~ # ifconfig -a
34	\| br_dmz: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
35	\| inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
36	\| inet6 fe80::5cce:2bff:fedc:dce0 prefixlen 64 scopeid 0x20<link>
37	\| ether fe:18:b0:e9:78:47 txqueuelen 0 (Ethernet)
38	\| RX packets 5124752 bytes 3554838408 (3.3 GiB)
39	\| RX errors 0 dropped 0 overruns 0 frame 0
40	\| TX packets 5080086 bytes 3508269156 (3.2 GiB)
41	\| TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
42	\|
43	\| enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
44	\| inet 192.168.3.20 netmask 255.255.255.0 broadcast 192.168.3.255
45	\| inet6 fe80::7aac:c0ff:fe3c:2dc8 prefixlen 64 scopeid 0x20<link>
46	\| ether 78:ac:c0:3c:2d:c8 txqueuelen 1000 (Ethernet)
47	\| RX packets 998350 bytes 217325937 (207.2 MiB)
48	\| RX errors 0 dropped 7332 overruns 0 frame 0
49	\| TX packets 965281 bytes 274572349 (261.8 MiB)
50	\| TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
51	\| device interrupt 17
52	\|
53	\| enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
54	\| inet 185.55.75.245 netmask 255.255.255.255 broadcast 185.55.75.245
55	\| inet6 fe80::7aac:c0ff:fe3c:2dc9 prefixlen 64 scopeid 0x20<link>
56	\| ether 78:ac:c0:3c:2d:c9 txqueuelen 1000 (Ethernet)
57	\| RX packets 5157535 bytes 4875664995 (4.5 GiB)
58	\| RX errors 0 dropped 0 overruns 0 frame 0
59	\| TX packets 3377329 bytes 413568759 (394.4 MiB)
60	\| TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
61	\| device interrupt 16
62	\|
63	\| lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
64	\| inet 127.0.0.1 netmask 255.0.0.0
65	\| inet6 ::1 prefixlen 128 scopeid 0x10<host>
66	\| loop txqueuelen 0 (Lokale Schleife)
67	\| RX packets 276299 bytes 78159006 (74.5 MiB)
68	\| RX errors 0 dropped 0 overruns 0 frame 0
69	\| TX packets 276299 bytes 78159006 (74.5 MiB)
70	\| TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
71	\|
72	\| ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1492
73	\| inet 185.55.75.245 netmask 255.255.255.255 destination 192.168.75.1
74	\| ppp txqueuelen 3 (Punkt-zu-Punkt Verbindung)
75	\| RX packets 7250 bytes 3180943 (3.0 MiB)
76	\| RX errors 0 dropped 0 overruns 0 frame 0
77	\| TX packets 6123 bytes 711342 (694.6 KiB)
78	\| TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
79	\|
80	\| veth5CBR3D: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
81	\| inet6 fe80::fc18:b0ff:fee9:7847 prefixlen 64 scopeid 0x20<link>
82	\| ether fe:18:b0:e9:78:47 txqueuelen 1000 (Ethernet)
83	\| RX packets 5077428 bytes 3616056439 (3.3 GiB)
84	\| RX errors 0 dropped 0 overruns 0 frame 0
85	\| TX packets 5031817 bytes 3495334672 (3.2 GiB)
86	\| TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
87	\|
88	\| vethYXJVKH: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
89	\| inet6 fe80::fcd0:65ff:fec5:7b44 prefixlen 64 scopeid 0x20<link>
90	\| ether fe:d0:65:c5:7b:44 txqueuelen 1000 (Ethernet)
91	\| RX packets 47324 bytes 10528497 (10.0 MiB)
92	\| RX errors 0 dropped 0 overruns 0 frame 0
93	\| TX packets 48502 bytes 13062823 (12.4 MiB)
94	\| TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
95	\|
96	\| heimdali ~ # brctl show
97	\| bridge name bridge id STP enabled interfaces
98	\| br_dmz 8000.fe18b0e97847 no veth5CBR3D
99	\| vethYXJVKH
100	\| heimdali ~ # route -n
101	\| Kernel IP Routentabelle
102	\| Ziel Router Genmask Flags Metric Ref Use Iface
103	\| 0.0.0.0 192.168.75.1 0.0.0.0 UG 4005 0 0 ppp0
104	\| 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
105	\| 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br_dmz
106	\| 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0
107	\| 192.168.3.80 0.0.0.0 255.255.255.255 UH 0 0 0 enp1s0
108	\| 192.168.3.81 0.0.0.0 255.255.255.255 UH 0 0 0 enp1s0
109	\| 192.168.75.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
110	\| heimdali ~ #
111	`----
112
113
114	Even after adding the static routes and creating firewall rules to drop
115	all traffic from the devices to the internet, their arp entries continue
116	to be renewed. How is that possible?

Subject	Author
Re: [gentoo-user] arp question	Adam Carter <adamcarter3@×××××.com>
Re: [gentoo-user] arp question	Adam Carter <adamcarter3@×××××.com>