mailing list archives
Re: ARP Poisoning
From: "brien mac" <aph3x () linuxmail org>
Date: Thu, 07 Nov 2002 18:59:56 -0400
On *nix based machines, you can setup static ARP entries. This of course only provides consistent protection if you're
on a static connection. If you move, for instance a laptop (or even a desktop, but laptops are more likely to be moved)
to another network segment, your default gateway's MAC address will most likely will be different. Unless you maunally
enter a static ARP entry for the default gateway's IP each time you move to a new network segment, an ARP cache
poisoning attack would still be possible between your machine and the default gateway... generally speaking, it would
be possible between your machine and ANY other machine on the local LAN segment unless you setup a static entry for
EVERY host on the local LAN segment. "man arp" for more details on setting up static entries.
On Windows machines, AKAIK, you can set a static ARP entry, but unfortunately, it does not stay static. Not too
surprising considering Microsoft's lack of concern in the area of computer security.
Just my $.01 with 100% interest...
From security books I've read it's not hard to
eavesdrop on network communication using tools like
dsniff, even in a switched environment. My
understanding is that it is accomplished quite easily
by ARP poisoning your victim in thinking your
machine's MAC as the router MAC & after interception,
re-forwarding the traffic back to the true router MAC.
Assuming the network environment is large (e.g.,
configuring port switches for specific MAC addresses
not practical) & desktop security cannot be guaranteed
(and thereby cannot prevent people from allowing
machines to IP forward), how can one defend against
other than encrypting data.
Now with POP3/IMAP access for only US$19.95/yr
Powered by Outblaze