[ale] arp requests from cable modem
Joe Steele
joe at madewell.com
Tue Jan 2 20:05:03 EST 2001
Higher level protocols such as UDP, TCP, and ICMP are encapsulated
in IP packets, which in turn are encapsulated in lower link-level
protocols such as ethernet.
In contrast, ARP packets are encapsulated directly in the link level
protocol, so ARP is not a higher level protocol on top of IP. Since
ipchains is only for filtering IP packets, it does not filter non-IP
packets such as ARP.
I don't know of any way to "block" ARP requests. You can configure
an interface so as not to use ARP, which I guess means that ARP
requests are never sent and are ignored when received, in which case
I suspect that all network traffic through the interface would come
to a screeching halt.
--Joe
-----Original Message-----
From: Robert Heaven [SMTP:robertheaven at mediaone.net]
Sent: Friday, December 29, 2000 11:24 PM
To: ale at ale.org
Subject: Re: [ale] arp requests from cable modem
Do you have something like this?
ipchains -A input -p icmp -i eth0 -s $MY_SUBNET/$MY_NETMASK -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -p icmp -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 -j DENY
ipchains -A input -p tcp -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 1:1023 -j DENY
ipchains -A input -p udp -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 1:1023 -j DENY
ipchains -A input -p tcp -i eth0 -y -j DENY -l
This seems to work for me. If I do a tcpdump on eth0 (cable modem side) I
can see the arp's coming in, but they're dumped in the bit bucket by the
ipchains rules.
----- Original Message -----
From: Gary S. Mackay <Gary at EdisonInfo.com>
To: <ale at ale.org>
Sent: Friday, December 29, 2000 6:45 PM
Subject: [ale] arp requests from cable modem
> I just started receiving all kinds of "...arp who has...." traffic coming in
> my cable modem. What port is that stuff on so I can block it? Is it possible
> to block? I have a pretty solid (at least I like to think so) firewall script,
> but obviously I'm missing something.
>
> - Gary
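
Added example, not part of the original thread: a sketch of the encapsulation point made in the reply at the top, showing a receiver demultiplexing Ethernet frames on EtherType so that only IPv4 payloads ever reach an IP-layer filter. The frames, MAC and IP addresses are constructed, and ip_filter() is a hypothetical stand-in for an IP packet filter, not ipchains itself.

```python
import socket
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806  # EtherType values

def eth_frame(dst, src, ethertype, payload):
    """Build an Ethernet II frame (no FCS) from constructed values."""
    return dst + src + struct.pack("!H", ethertype) + payload

def arp_request(sender_mac, sender_ip, target_ip):
    """ARP request body: htype=1 (Ethernet), ptype=IPv4, hlen=6, plen=4, op=1."""
    return (struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1) + sender_mac +
            socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip))

def ipv4_packet(proto, src_ip, dst_ip, body):
    """Minimal 20-byte IPv4 header (checksum left 0; this demo never verifies it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                      proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr + body

def ip_filter(packet):
    """Hypothetical IP-layer rule: DENY ICMP (protocol 1), ACCEPT anything else."""
    return "DENY" if packet[9] == 1 else "ACCEPT"

def receive(frame):
    """Demultiplex on EtherType the way a host's link layer does."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if ethertype == ETH_ARP:
        op = struct.unpack("!H", payload[6:8])[0]
        spa = socket.inet_ntoa(payload[14:18])   # sender protocol address
        tpa = socket.inet_ntoa(payload[24:28])   # target protocol address
        kind = "who-has" if op == 1 else "reply"
        # ARP has no IP header, so the IP filter is never consulted for it.
        return ("arp", f"arp {kind} {tpa} tell {spa}", None)
    if ethertype == ETH_IPV4:
        return ("ip", f"ip proto {payload[9]}", ip_filter(payload))
    return ("other", hex(ethertype), None)

# Constructed sample frames: made-up MACs, documentation-range IP addresses.
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ARP_FRAME = eth_frame(b"\xff" * 6, MAC_A, ETH_ARP,
                      arp_request(MAC_A, "192.0.2.1", "192.0.2.77"))
ICMP_FRAME = eth_frame(MAC_B, MAC_A, ETH_IPV4,
                       ipv4_packet(1, "192.0.2.1", "192.0.2.77", b"\x08\x00" + b"\x00" * 6))

if __name__ == "__main__":
    for f in (ARP_FRAME, ICMP_FRAME):
        print(receive(f))
```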