|
楼主 |
发表于 2008-1-11 19:48:49
|
显示全部楼层
Post by cwjiof;1805499
近来看到不少人在FreeBSD下用ipguard这个工具,效果也不错:
ipguard listens network for ARP packets. All permitted MAC/IP pairs
listed in 'ethers' file. If it recieves one with MAC/IP pair, which is
not listed in 'ethers' file, it will send ARP reply with configured
fake address. This will prevent not permitted host to work properly
in this ethernet segment. Especially Windows(TM) hosts.
Author SeaD <sead>
WWW: http://ipguard.deep.perm.ru/
ArchLinux下也有ipguard安装包,已经进入Community了。
安装后建立/etc/ethers ,并放入:
IP1 MAC1
IP2 MAC2
这是一个被动防御工具。个人电脑的话,加入网关的IP和MAC就可以了。
貌似这个是装网关上用的吧? |
|