A passive defense against ARP spoofing on Linux/FreeBSD (hiding your MAC)

Author: Helvin
Source: Evil Octal Information Security Team (www.eviloctal.com)

First, a protest against the irresponsible behavior of some IDCs in China.

Generally, the spoofing machine obtains the gateway's MAC address with an ARP request, obtains your server's MAC address the same way, and then spoofs both directions. After that come password sniffing, Trojans, and so on.
Almost all IDCs in China put hundreds of servers behind one shared gateway. Among hundreds of servers, a few will have vulnerabilities, and then you get ARP-spoofed, infected with Trojans, or have your passwords sniffed.

The following describes how to use arptables on Linux so that ARP requests cannot obtain your MAC address. Attackers will then think that your server does not exist. (This used to be very complicated and required patching and recompiling the kernel. Last week we found arptables, which needs no kernel rebuild, so we are writing the method down now.)

Debian/Ubuntu (run with sudo); on CentOS/RHAS the package is called arptables_jf.
Reference:
apt-get install arptables
arptables -A INPUT --src-mac ! GATEWAY_MAC -j DROP
arptables -A INPUT -s ! GATEWAY_IP -j DROP

If you have other machines on this internal network that you need to communicate with, you can add:
arptables -I INPUT --src-mac OTHER_SERVER_MAC -j ACCEPT

If the spoofing machine has already obtained your MAC, the only option is to change it: ifconfig ethX hw ether NEW_MAC

This carries a certain risk, so test it as appropriate. You can also refresh the ARP bindings for the gateway and the local machine as needed.
Do not send ARP requests to any IP address other than the gateway.
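
As an added example (not part of the original post): a POSIX shell helper that validates the addresses, compares the gateway MAC you supply with the one currently shown in `ip neigh show` output, and only then prints the arptables commands above for review. The function names and the sample neighbour table are constructed for illustration, and the gateway MAC is assumed to have been obtained out of band from the IDC.

```shell
#!/bin/sh
# Added example: review-before-apply helper for the arptables rules above.
# It only prints commands; nothing here changes the ARP filter.

# is_mac STR: succeed if STR is a colon-separated 48-bit MAC address.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# is_ipv4 STR: succeed if STR is a dotted-quad IPv4 address (octets 0-255).
is_ipv4() {
    oct='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^($oct\.){3}$oct\$"
}

# neigh_mac IP: read `ip neigh show` output on stdin, print the lladdr for IP.
neigh_mac() {
    awk -v ip="$1" '$1 == ip { for (i = 2; i < NF; i++) if ($i == "lladdr") { print tolower($(i+1)); exit } }'
}

# gen_arp_rules GW_IP GW_MAC [PEER_MAC...]
# Reads the current neighbour table on stdin and refuses to print rules if the
# gateway entry there differs from GW_MAC (the table may already be poisoned).
gen_arp_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_arp_rules GW_IP GW_MAC [PEER_MAC...]" >&2; return 2; }
    gw_ip=$1; gw_mac=$(printf '%s' "$2" | tr 'A-F' 'a-f'); shift 2
    is_ipv4 "$gw_ip" || { echo "bad gateway IP: $gw_ip" >&2; return 1; }
    is_mac "$gw_mac" || { echo "bad gateway MAC: $gw_mac" >&2; return 1; }
    for peer in "$@"; do
        is_mac "$peer" || { echo "bad peer MAC: $peer" >&2; return 1; }
    done
    seen=$(neigh_mac "$gw_ip")
    if [ -n "$seen" ] && [ "$seen" != "$gw_mac" ]; then
        echo "gateway $gw_ip currently resolves to $seen, expected $gw_mac" >&2
        return 3
    fi
    echo "arptables -A INPUT --src-mac ! $gw_mac -j DROP"
    echo "arptables -A INPUT -s ! $gw_ip -j DROP"
    for peer in "$@"; do
        echo "arptables -I INPUT --src-mac $peer -j ACCEPT"
    done
}

# Constructed sample of `ip neigh show` output (documentation addresses only).
SAMPLE_NEIGH='192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:14 STALE'

printf '%s\n' "$SAMPLE_NEIGH" | gen_arp_rules 192.0.2.1 00:00:5E:00:53:01 00:00:5e:00:53:14
```

On a live host, pipe the real table in with `ip neigh show | gen_arp_rules GATEWAY_IP GATEWAY_MAC`, and keep a console session open when applying the printed rules, since a wrong gateway MAC cuts the server off.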

Addendum: a method to hide the MAC under FreeBSD.
First, enable ipfw's Ethernet-layer filtering with sysctl net.link.ether.ipfw=1 (sysctl net.link.ether.bridge_ipfw=1 in bridge mode).
Then:
ipfw add 00005 allow ip from any to any MAC GATEWAY_MAC any    # open your communication to the gateway
ipfw add 00006 allow ip from any to any MAC any GATEWAY_MAC    # open the gateway's communication to you
# ... add the IPs/MACs that need bidirectional communication with you in this section ...
ipfw add 00010 deny ip from any to any MAC any any    # block any response to or from all other MACs

If the server is used as an intranet gateway, you can do the following on the intranet NIC:
ifconfig em1 -arp    # disable ARP responses (assuming that em0 is an intranet NIC)
arp -f /etc/arp.list    # set a static ARP table
The format of arp.list is described in arp(8):
Cause the file filename to be read and multiple entries to be set
in the ARP tables. Entries in the file should be of the form

hostname ether_addr [temp] [pub]

with argument meanings as given above. Leading whitespace and
empty lines are ignored. A `#' character will mark the rest of
the line as a comment.
