SUMMARY permanent ARP entry / diskless reboot

From: Jacques Beigbeder (
Date: Sat Nov 06 1993 - 02:49:06 CST

First question was:

>I want to secure my network: now students want to plug PC
>with Linux on Ethernet... Of course, they can spy
>Another trick is to act as an already existing host:
>on the PC you set up the good IP address, and then you
>gain a lot of access through NFS exports on the server:
>like reading anyone's files. To protect from this, I wanted to
>use explicit ARP tables.
>Unfortunately when a diskless station reboots, the status
>of the entry in the arp table changed from 'permanent'
>to normal status.
>1. Is there any way to have really permanent entries?

I talked with the (French) Hot Line. They told me that there's
the bug I described but gave no solution. They told me about
workarounds. Now every 5 minutes, I reload the ARP table.

But this method is not a method:
- every host that can use DECNET (DEC, Sun) has to control
the Ethernet address by software. DECNET addresses are
Ethernet addresses, and you want to choose your DECNET
- on PC, hardware just sets up a default Ethernet address.
Afterwards, software can control the Ethernet address.

>2. How do other sites handle PC on Ethernet? Do we have to stop
>using NFS, NIS, and so on?

a) Use secure RPC.
b) Use Kerberos. Then any important information is encrypted.
But what do you do with X-terminals, with Eudora on PC
and Mac? Is there a kerberised Eudora?
c) About the problem of spying on Ethernet: use "switched Ethernet".
(Kalpana, Alantec, or Artel) Or "switching UTP hub".
Unfortunately there's no key on Ethernet cable, on plugs, ...:
so you can remove the cable from a running station,
and act as the station with a PC...

Thanks to: (Carl Bartz)
        Dan Stromberg - OAC-DCS <>
        lemke@MITL.Research.Panasonic.COM (Kennedy Lemke)
        jason andrade <> (Lew Doll) (Brett Lymn) (Rob Lyle UNIX Sys Admin)
        Mike Raffety <>
        Lawson A S <> (Birger A. Wathne) (Peter Gutmann)

Jacques Beigbeder | Internet:
Service de Prestations Informatiques |
Ecole Normale Superieure |
45 rue d'Ulm | Tel : (33-1) 44-32-37-96
F75230 Paris Cedex 05 | Fax : (33-1) 44-32-20-80
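
Added example, not part of the original message: the periodic reload described above can be paired with an audit that reports which pinned entries lost their permanent flag or now resolve to a different Ethernet address. The pinned-file format, the `arp -an` style line layout, the function names and the 192.0.2.x sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the live ARP table against a pinned IP/Ethernet list.
# Usage: arp -an | check_arp PINNED_FILE ; exit status 1 if anything differs.
# Assumed formats: pinned file has "IP MAC" per line ('#' starts a comment);
# live lines look like "name (IP) at MAC [flags]" with "permanent" or "PERM".
check_arp() {
    awk '
    # 8:0:20:1:2:3 and 08:00:20:01:02:03 are one address: pad and lower-case.
    function norm(mac,    p, n, i, out) {
        n = split(tolower(mac), p, ":")
        if (n != 6) return ""
        for (i = 1; i <= n; i++) {
            if (length(p[i]) == 1) p[i] = "0" p[i]
            out = (i == 1) ? p[i] : out ":" p[i]
        }
        return out
    }
    NR == FNR {                          # first input: the pinned table
        if ($0 ~ /^[ \t]*#/ || NF == 0) next
        order[++np] = $1; want[$1] = norm($2)
        next
    }
    $3 == "at" {                         # second input: the live table
        ip = $2; gsub(/[()]/, "", ip)
        if (!(ip in want)) next          # only pinned hosts are audited
        seen[ip] = 1
        if (norm($4) != want[ip]) {      # another adapter answers for this IP
            print "MISMATCH " ip " pinned=" want[ip] " live=" $4; bad = 1
        } else if ($0 !~ /permanent|PERM/) {   # the reboot bug from the post
            print "DEMOTED " ip " entry is no longer permanent"; bad = 1
        }
    }
    END {
        for (i = 1; i <= np; i++)
            if (!(order[i] in seen)) { print "MISSING " order[i]; bad = 1 }
        exit bad + 0
    }' "$1" -
}
# Constructed sample data (documentation addresses, hypothetical hosts).
demo() {
    pinned=$(mktemp) || return 2
    printf '%s\n' '# ip mac' '192.0.2.10 8:0:20:1:2:3' '192.0.2.11 8:0:20:4:5:6' \
        '192.0.2.12 8:0:20:7:8:9' '192.0.2.13 8:0:20:a:b:c' > "$pinned"
    printf '%s\n' 'ws1 (192.0.2.10) at 08:00:20:01:02:03 permanent' \
        'ws2 (192.0.2.11) at 8:0:20:4:5:6' \
        'ws3 (192.0.2.12) at 0:0:c0:aa:bb:cc permanent' | check_arp "$pinned"
    rc=$?; rm -f "$pinned"; return "$rc"
}
demo || echo "findings above: investigate before reloading the pinned table"
```

Run from cron ahead of the reload, a MISMATCH line is the one worth alerting on, since a blind reload would otherwise overwrite the evidence that a different adapter answered for a pinned address.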
