Subject: rc.d script for adding static ARP entries
To: None <tech-security@netbsd.org, tech-pkg@netbsd.org>
From: Geert Hendrickx <geert.hendrickx@ua.ac.be>
List: tech-security
Date: 06/27/2005 22:39:01

I have created an rc.d script for adding static ARP entries to the kernel
ARP table at boot time, to help prevent ARP based sniffing and
man-in-the-middle attacks.

The user can gather a list of the hardware address (MAC address) of some or
all nodes in the subnet, and list them in the file /etc/ethers.  These ARP
entries will then _statically_ be added to the kernel ARP table, so no
attacker can externally modify them.  The format of this file is very easy:

	hostname ether_addr

e.g.:

	192.16.1.20 00:12:bf:02:b4:ff

See arp(8) for details.  

To tech-pkg: 
Since other UNIXen (I checked Linux and Solaris) also have "arp -f", with
the same file format, it may be interesting to also create a pkgsrc package
for this script?  

GH

-- 
:wq

Attachment: arptable

#!/bin/sh
#
# $NetBSD$
#

# PROVIDE: arptable
# REQUIRE: network
# BEFORE:  NETWORKING
#
# The interfaces must already be configured, otherwise arp(8) cannot pick
# the interface for an entry; hence REQUIRE: network, as in staticroute.

. /etc/rc.subr

name="arptable"
rcvar="arptable"
command="/usr/sbin/arp"
conf_file="/etc/ethers"
required_files="${conf_file}"
# arp -f reads "hostname ether_addr [temp] [pub]" lines and installs each
# one as a static entry.  Note that this field order is the reverse of the
# ethers(5) database format (ether_addr hostname).
command_args="-f ${conf_file}"
# Static entries have nothing to tear down, so "stop" is a no-op.
stop_cmd=":"

load_rc_config $name
run_rc_command "$1"
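
As an added illustration (not part of the original post or of the script above), the following POSIX sh function checks an arp -f style file before the rc.d script hands it to arp(8): it rejects lines without a "hostname ether_addr" pair, addresses that are not six colon-separated octets, flags other than temp or pub, and a host or address that appears twice. The function name and the sample files are assumed; the file path is whatever you pass in.

```shell
#!/bin/sh
# Added example: validate an arp -f table ("hostname ether_addr [temp] [pub]"
# per line).  Returns 0 if every line is well formed and no host or address
# is listed twice, 1 otherwise; problems are reported on stderr.

check_arp_file() {
    file="$1"
    status=0
    lineno=0
    hosts=""
    macs=""
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -- $line
        if [ $# -eq 0 ]; then continue; fi     # tolerate blank lines
        if [ $# -lt 2 ]; then
            echo "$file:$lineno: expected 'hostname ether_addr'" >&2
            status=1; continue
        fi
        host="$1"
        # Normalise case so AA:BB and aa:bb are seen as the same address.
        mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
        shift 2
        # Only a full 6-octet colon-separated address is accepted.
        if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{1,2}:){5}[0-9a-f]{1,2}$'; then
            echo "$file:$lineno: bad ether address '$mac'" >&2
            status=1; continue
        fi
        for flag in "$@"; do
            case "$flag" in
                temp|pub) ;;
                *) echo "$file:$lineno: unknown flag '$flag'" >&2; status=1 ;;
            esac
        done
        case " $hosts " in
            *" $host "*) echo "$file:$lineno: duplicate host '$host'" >&2; status=1 ;;
        esac
        case " $macs " in
            *" $mac "*) echo "$file:$lineno: address '$mac' already mapped" >&2; status=1 ;;
        esac
        hosts="$hosts $host"
        macs="$macs $mac"
    done < "$file"
    return "$status"
}

# Usage: sh checkarp.sh /etc/ethers
if [ $# -gt 0 ]; then check_arp_file "$1"; exit $?; fi
```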
