Router ARP Cache is Not Releasing Linux / UNIX Server IP address

Posted on in Categories , , , , , , , last updated January 25, 2008

Q. Recently we made changes to our server hardware and swapped all IP address from old to a new server. However, 2 IP addresses are not get updated due to arp cache issues (IPs are cached on the router). They are going to other servers. How do I solve this problem under Redhat Enterprise Linux version 5.0 or any other Linux distribution?
Continue reading “Router ARP Cache is Not Releasing Linux / UNIX Server IP address”

ICMP IP Network Scanning / Probing using a Shell Commands

Posted on in Categories , , , , , , , , , last updated January 29, 2008

Q. How do I check security of my network by running ICMP IP Network Scanning under FreeBSD / Linux? How do I subnet broadcast addresses? All I wanted to see if my firewall is working or not.

A. Internet Control Message Protocol (ICMP) one of the core protocols of the Internet protocol suite. It is chiefly used by networked computers’ operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached.

ICMP IP Network Scanning with nmap tool

You can use regular open source tool called nmap. Type the following command to run ICMP IP Scan:
$ nmap -sP -PI 192.168.1.0/24
Output:

Starting Nmap 4.20 ( http://insecure.org ) at 2008-01-29 23:40 IST
Host 192.168.1.1 appears to be up.
MAC Address: 00:18:39:6A:C6:8B (Cisco-Linksys)
Host 192.168.1.106 appears to be up.
......
...
....
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.746 seconds

Where,

  • -sP : This option tells Nmap to only perform a ping scan (host discovery), then print out the available hosts that responded to the scan. This is also known as ping scan.
  • -PI : This open tells Nmap that we are sending ICMP echo requests

Squid Proxy Server Mac Address based filtering

Posted on in Categories , , , , last updated November 1, 2007

Q. I’m using squid proxy server under CentOS Linux version 5. How to filter a particular MAC address under squid?

A. Not all operating system supports Mac address based filtering. For some operating systems. Squid calls these “ARP ACLs” and they are supported on Linux, Solaris, and BSD variants.

How do I set up ACL’s based on MAC address?

Open squid.conf:
# vi /etc/squid/squid.conf
Local acl, section and append ACL as follows:
acl macf1 arp mac-address
acl macf2 arp 00:11:22:33:44:55
http_access allow macf1
http_access allow macf2
http_access deny all

Save and close the file. Restart squid server:
# /etc/init.d/squid restart