[c-nsp] Blocking a Mac address at a router interface
Jon Lewis
jlewis at lewis.org
Thu Sep 23 14:20:50 EDT 2004
On Thu, 23 Sep 2004, Gert Doering wrote:
> As the ARP cache works IP->MAC, not MAC->IP, this isn't going to help.
>
> Something that might work is to monitor the ARP cache, and as soon as
> his MAC address shows up, null-route the corresponding IP address. But
> that needs scripting, and can't be done locally on the router.
Assuming he's using "unused" IPs, just ACL all the unused IPs. Arpwatch
on a unix host that sends email when his MAC address shows up might be
helpful too.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
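
The ARP-cache monitoring discussed in this thread, as an added example that is not part of either poster's message: it parses IOS `show ip arp` output collected on an external host, finds every IP currently bound to the unwanted MAC, and emits host null routes for them. The sample table, the addresses and the MAC are constructed, and how the output is fetched from the router is left out.

```python
import re

# Constructed sample of IOS "show ip arp" output (not from the thread).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0000.0c07.ac01  ARPA   FastEthernet0/0
Internet  192.0.2.57              3   0050.56ab.cdef  ARPA   FastEthernet0/0
Internet  192.0.2.91             12   0011.2233.4455  ARPA   FastEthernet0/0
Internet  192.0.2.140             0   0050.56ab.cdef  ARPA   FastEthernet0/0
Internet  192.0.2.200             0   Incomplete      ARPA
"""

# Address column, age column ("-" or minutes), then a dotted Cisco MAC.
# "Incomplete" entries have no MAC and are skipped by the pattern.
ARP_LINE = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+"
    r"([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\s"
)

def normalize_mac(mac):
    """Reduce dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def ips_for_mac(arp_output, mac):
    """The ARP cache maps IP->MAC, so scan every entry for the MAC."""
    target = normalize_mac(mac)
    hits = []
    for line in arp_output.splitlines():
        m = ARP_LINE.match(line)
        if m and normalize_mac(m.group(2)) == target and m.group(1) not in hits:
            hits.append(m.group(1))
    return hits

def null_routes(ips):
    """One host route to Null0 per offending IP, for review before applying."""
    return [f"ip route {ip} 255.255.255.255 Null0" for ip in ips]

if __name__ == "__main__":
    for cmd in null_routes(ips_for_mac(SAMPLE_ARP, "00:50:56:AB:CD:EF")):
        print(cmd)
```

The same MAC can appear against several IPs at once, which is why the lookup returns a list rather than stopping at the first match.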