Penguin
Diff: StealthPacketShaping

Differences between current version and previous revision of StealthPacketShaping.


Newer page: version 2 Last edited on Wednesday, July 30, 2003 11:59:09 pm by GeoffThornburrow
Older page: version 1 Last edited on Wednesday, July 30, 2003 11:46:02 pm by GeoffThornburrow
@@ -1,5 +1,7 @@
 Stealth Packet Shaping involves adding a machine to a network to act as a firewall/packet-shaper without the rest of the network really being aware of it. This can be used for good (avoiding hassle of reconfiguring network settings) or evil (prioritising your traffic above everyone elses). 
+  
+It is assumed that no other configuration can be done to the network. This means that we cant play with the existing WAN router or firewall, change the DHCP server, change the IP addresses of devices etc. This is often the case in corporate networks, where layers of approvals, procedures and clueless PHBs prevent any real changes being made.  
  
 For the juicy details on how to do it, see [http://www.sjdjweis.com/linux/proxyarp/]. 
  
 In the meantime, here is a brief explanation: 
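Review bot: The added paragraph ("+It is assumed that no other configuration can be done...") lists the deployment constraints but leaves out the one that decides whether the box stays unnoticed: a machine answering ARP for addresses it does not own looks, to everyone else on the segment, exactly like the "evil" case named in the first line, and the page's own detection methods (traceroute showing an extra hop, several IPs sharing one MAC in the ARP table) apply equally whether the deployment was sanctioned or not. Suggest adding one sentence to the assumptions stating that the network must also have nobody monitoring ARP tables, so a reader knows the technique is invisible to hosts but not to anyone who looks. Minor: "cant" should be "can't".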
@@ -37,4 +39,6 @@
 * The Stealth Box (172.22.0.2) picks up the ARP, replies: 172.22.0.100 is at my eth1 MAC address 
 * The Cisco sends the packet to 172.22.0.2, which routes it through to 172.22.0.100 
  
 The beauty is that none of the other machines knows that they are routing through the new machine. The only way to see what's really happening is via traceroute (the new machine shows up before the default gateway) or by listing the ARP table (several IPs will have the same MAC address). 
+  
+If you are wondering about the practicalities of this, it's currently running very well in a medium business branch with about 40-50 Windows PCs. The box was configured before plugging into the network. It was plugged in and the Cisco was rebooted to clear its ARP cache. Once the Windows machines' ARP caches expired, it worked like a charm.
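Review bot: The added paragraph ("+If you are wondering about the practicalities...") describes the cutover without flagging the window it creates: until the Cisco was rebooted and the Windows machines' ARP caches expired, hosts still held the old MAC and their traffic bypassed the new box, so during that interval neither the shaping nor the firewall role was in effect. Suggest stating how long that window lasted and whether clearing the router's ARP cache alone would have been sufficient, since rebooting the whole router to drop one ARP entry is a heavy-handed step for a box that is supposed to be deployed without disturbing the network. It would also help to note here that the "several IPs will have the same MAC address" symptom from the preceding context line is exactly what an administrator listing the Cisco's or any PC's ARP table will see, which belongs with the practicalities.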