Difference between revisions of "NAD710 Lab 2 Answers"
Milton.paiva (talk | contribs) |
|||
| Line 46: | Line 46: | ||
Disabling ARP on a network interface can be used to prevent a high-security server from being accessed by unauthorized hosts. While this is to some extent 'security through obscurity', in practice it is dificult to guess the MAC address of the desired host if it refuses to respond to one's ARP requests. | Disabling ARP on a network interface can be used to prevent a high-security server from being accessed by unauthorized hosts. While this is to some extent 'security through obscurity', in practice it is dificult to guess the MAC address of the desired host if it refuses to respond to one's ARP requests. | ||
| + | |||
| + | '''7. Describe the procedure you used in determining the life time of an ARP cache entry on a Linux system.''' | ||
| + | |||
| + | * Turn on two linux machines and get it's ip address and mac address | ||
| + | |||
| + | * In computer A, erase all the arp table | ||
| + | |||
| + | # ifconfig eth0 -arp | ||
| + | # ifconfig eth0 arp | ||
| + | |||
| + | * ping -c 1 <computer B>;date;script;date | ||
| + | |||
| + | ''The function of the script is to keep reading the output of the arp cache (arp -n command) each second until the mac address of the computer B disappear'' | ||
Revision as of 21:20, 12 September 2008
1. What is the effect of the first "ifconfig ethxx down" command on the system's ARP cache ?
Answer:
The arp table becomes empty after the first "ifconfig eth1 down"
[root@localhost ~]# arp -n Address HWtype HWaddress Flags Mask Iface 142.204.141.131 ether 00:0E:7F:3C:A8:F3 C eth1 142.204.141.129 ether 00:0E:0C:4B:31:5C C eth1 [root@localhost ~]# ifconfig eth1 down [root@localhost ~]# arp -n [root@localhost ~]# ifconfig eth1 up [root@localhost ~]# arp -n
2. What command disable ARP on a network interface?
Answer:
To disable ARP on a network interface named 'ethxxx', one would use a command of the form 'ifconfig ethxxx -arp'.
3. How do you enable ARP on a network interface if it has been disabled?
Answer:
To re-enable ARP on a network interface named 'ethxxx', one would use a command of the form 'ifconfig ethxxx arp'.
4. What is the consequence of disabling ARP on a network interface?
Answer:
If ARP has been disabled on a network interface, ARP packets recieved by that interface will be dropped. This prevents the machine from either resolving the corresponding MAC address for a particular IP address or from responding to a requestion for such resolution.
5. How do you manually add an entry to the ARP cache?
Answer:
To manually add an entry to the ARP table, one would isssue a command of the following form, where 'xx:xx:xx:xx:xx:xx' is the MAC address you are attempting to add and 'xxx.xxx.xxx.xxx' is the corresponding IP address:
'arp -s xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx'
6. What would be the possible advantage of disabling ARP on a network interface?
Answer:
Disabling ARP on a network interface can be used to prevent a high-security server from being accessed by unauthorized hosts. While this is to some extent 'security through obscurity', in practice it is dificult to guess the MAC address of the desired host if it refuses to respond to one's ARP requests.
7. Describe the procedure you used in determining the life time of an ARP cache entry on a Linux system.
- Turn on two linux machines and get it's ip address and mac address
- In computer A, erase all the arp table
# ifconfig eth0 -arp # ifconfig eth0 arp
- ping -c 1 <computer B>;date;script;date
The function of the script is to keep reading the output of the arp cache (arp -n command) each second until the mac address of the computer B disappear
