On Tue 31 May 2005 16:10, Peter Surda wrote:
> On Tue, 31 May 2005 13:36:25 +0200 (CEST) "Sylvain BERTRAND"
> <sylvain@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>>Hi all,
> hi
>
>>I highly suggest you use arpwatch. It's a daemon that monitors MAC/IP on a
>>network, and can notify the administrator when something changes.
> arpwatch can only find out if the user changes his/her IP. If they change their
> MAC (and fake someone else's), you're out of luck :-(.

apt-cache show arpwatch
[...]
Description: Ethernet/FDDI station activity monitor
 Arpwatch maintains a database of Ethernet MAC addresses seen on the
 network, with their associated IP pairs. Alerts the system
 administrator via e-mail if any change happens, such as new
 station/activity, flip-flops, changed and re-used old addresses.

>>If you want to force the MAC for an IP, use "arp -f /etc/ethers" (man arp).
>>Iptables does the same thing with MAC matching, but using arp with a fixed
>>table is "the proper thing to do" (tm).
> [advertisement+joke]
> Actually, "the proper thing to do" is to use ipset + macipmap, just like Route
> Hat does ;-)
> [/advertisement+joke]

Well, it's up to you ;-)

Regards,
Sylvain
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
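
Added example, not part of the thread and not arpwatch's own code: the Python below tracks MAC/IP pairs along the lines of the package description quoted above and checks each sighting against a fixed table written in the `MAC IP` layout of ethers(5). The function names, event labels and sample addresses are assumptions constructed for illustration.

```python
"""Track MAC/IP pairs and report changes (added example; not arpwatch code)."""
from collections import defaultdict

def parse_ethers(text):
    """Parse 'MAC IP' lines (ethers(5) layout) into {ip: mac}; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table[fields[1]] = fields[0].lower()
    return table

def classify(sightings, static=None):
    """Return (event, ip, mac) tuples for a stream of (ip, mac) sightings."""
    static = static or {}
    current, previous = {}, {}      # ip -> latest MAC, ip -> the MAC before that
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed so far
    events = []
    for ip, mac in sightings:
        mac = mac.lower()
        if ip in static and static[ip] != mac:
            events.append(("static mismatch", ip, mac))   # contradicts the fixed table
        if ip not in current:
            events.append(("new station", ip, mac))
        elif mac != current[ip]:
            # Returning to the MAC seen just before the current one is a flip flop.
            kind = "flip flop" if previous.get(ip) == mac else "changed address"
            events.append((kind, ip, mac))
            previous[ip] = current[ip]
        if ips_by_mac[mac] and ip not in ips_by_mac[mac]:
            events.append(("mac on several ips", ip, mac))  # one MAC claiming a second IP
        ips_by_mac[mac].add(ip)
        current[ip] = mac
    return events

# Constructed sample data (documentation addresses, made-up MACs).
STATIC = parse_ethers("00:11:22:33:44:55 192.0.2.10  # constructed entry\n")
SIGHTINGS = [
    ("192.0.2.10", "00:11:22:33:44:55"),
    ("192.0.2.20", "00:11:22:33:44:66"),
    ("192.0.2.10", "00:11:22:33:44:66"),   # .20's MAC now answers for .10
    ("192.0.2.10", "00:11:22:33:44:55"),   # original owner answers again
]

if __name__ == "__main__":
    for event in classify(SIGHTINGS, STATIC):
        print(*event)
```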