Home page logo
/

basics logo Security Basics mailing list archives

Re: ARP Poisoning
From: "brien mac" <aph3x () linuxmail org>
Date: Thu, 07 Nov 2002 18:59:56 -0400

On *nix based machines, you can setup static ARP entries. This of course only provides consistent protection if you're 
on a static connection. If you move, for instance a laptop (or even a desktop, but laptops are more likely to be moved) 
to another network segment, your default gateway's MAC address will most likely will be different. Unless you maunally 
enter a static ARP entry for the default gateway's IP each time you move to a new network segment, an ARP cache 
poisoning attack would still be possible between your machine and the default gateway... generally speaking, it would 
be possible between your machine and ANY other machine on the local LAN segment unless you setup a static entry for 
EVERY host on the local LAN segment. "man arp" for more details on setting up static entries.

On Windows machines, AKAIK, you can set a static ARP entry, but unfortunately, it does not stay static. Not too 
surprising considering Microsoft's lack of concern in the area of computer security.

Just my $.01 with 100% interest...

-Brien

From security books I've read it's not hard to
eavesdrop on network communication using tools like
dsniff, even in a switched environment. My
understanding is that it is accomplished quite easily
by ARP poisoning your victim in thinking your
machine's MAC as the router MAC & after interception,
re-forwarding the traffic back to the true router MAC.

Assuming the network environment is large (e.g.,
configuring port switches for specific MAC addresses
not practical) & desktop security cannot be guaranteed
(and thereby cannot prevent people from allowing
machines to IP forward), how can one defend against
other than encrypting data.
 
Thanks....Mike

-- 
______________________________________________
http://www.linuxmail.org/
Now with POP3/IMAP access for only US$19.95/yr

Powered by Outblaze


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]