<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: FreeBSD arp poison patch

FreeBSD arp poison patch

From: <bert_raccoon_at_freemail.ru>
Date: 3 Dec 2003 13:43:30 -0000

('binary' encoding is not supported, stored as-is) There is well known problem arp poisoning problem in FreeBSD. If
arp reply is received without request FreeBSD logs error
into syslog, but changes arp table entry. It makes possibility
for local atacker to change arp cache entry. In network this
behaviour can only occure when adapter changes it's MAC address.

Attached is patch to check old MAC address before changing
arp entry by sending unicast arp request to this MAC. If old MAC
replies, no changes to arp table is made and attack is logged.

Same patch for linux was published by Buggzy. Patch was tested for
FreeBSD 4.6 - 5.0.

To apply patch do:
download http://freecap.ru/if_ether.c.patch
# cd /sys/netinet
# patch < /path/to/patch
and rebuild the kernel.

Received on Dec 03 2003

This message: [ Message body ]
Next message: S-Quadra Security Research: "GnuPG 1.2.3, 1.3.3 external HKP interface format string issue"
Previous message: SGI Security Coordinator: "do_brk() vulnerability on SGI Altix systems"
Next in thread: Ryota Hirose: "Re: FreeBSD arp poison patch"
Reply: Ryota Hirose: "Re: FreeBSD arp poison patch"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]