Snort mailing list archives
Re: Prevent ARP attack on NIDS sniffer.
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Mon, 25 Aug 2003 11:02:15 +0200
Sam Wun wrote:
> Dear all, How can I configure a NIDS sniffer to avoid an ARP attack?
What kind of an attack based on the ARP protocol are you afraid of? Some more information on this please...
> If a NIC of the NIDS is configured without an IP but still needs to have the MAC enabled and configured (by default assigned by the system).
MAC = Media Access Control. It is, for every network device, a theoretically unique 48-bit number. You can't disable it: it is given to every device by its hardware manufacturer. It can be changed, but AFAIK you can't delete it.

What you probably mean is the ARP protocol, which makes use of the MAC addresses. Under Linux you can configure your NIC without an IP and without activating the ARP protocol, so it will never respond to ARP requests and will remain almost "invisible" that way:

    ifconfig eth0 -arp up

If that is what you meant. ;)
> Maybe my question is out of scope, but I am really wondering how to hide the MAC as well, and the impact on the NIDS?
> Thanks
> sam
Regards,
Edin

--
Edin Dizdarevic
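Added example (not part of the original message or of Snort): a small shell audit that checks whether a sniffing interface is actually in the state the reply describes, that is, up, with ARP disabled and with no IPv4 or IPv6 address assigned. The function names and the sample `ip -o` output are constructed for illustration; the iproute2 commands named in the comments are an assumption about the sensor host.

```shell
#!/bin/sh
# Audit a passive NIDS capture interface: UP, NOARP, no IP addresses.
# iproute2 equivalent of the ifconfig command in the thread (assumption:
# iproute2 is installed):   ip link set dev eth0 arp off up
# Live use:  audit_sniffer "$(ip -o link show dev eth0)" \
#                          "$(ip -o addr show dev eth0)"

# has_flag LINK_TEXT FLAG -> 0 if FLAG is in the <...> interface flag list.
has_flag() {
    flags=$(printf '%s\n' "$1" | sed -n 's/.*<\([^>]*\)>.*/\1/p' | head -n 1)
    case ",$flags," in
        *",$2,"*) return 0 ;;   # exact match, so "ARP" does not match "NOARP"
        *) return 1 ;;
    esac
}

# audit_sniffer LINK_TEXT ADDR_TEXT -> prints findings, returns 0 only if clean.
audit_sniffer() {
    link=$1 addr=$2 rc=0
    has_flag "$link" UP    || { echo "FAIL: interface is down"; rc=1; }
    has_flag "$link" NOARP || { echo "FAIL: ARP enabled (NOARP flag missing)"; rc=1; }
    # Any inet/inet6 entry means the sensor can still be addressed on the wire.
    if printf '%s\n' "$addr" | grep -Eq '(^|[[:space:]])inet6?[[:space:]]'; then
        echo "FAIL: an IPv4/IPv6 address is assigned"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: up, NOARP, no addresses"
    return "$rc"
}

# Constructed sample output of `ip -o link` / `ip -o addr` (not captured data).
SAMPLE_STEALTH='2: eth0: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 state UP'
SAMPLE_DEFAULT='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'
SAMPLE_ADDR='2: eth0    inet6 fe80::1/64 scope link'

echo "stealth config:";  audit_sniffer "$SAMPLE_STEALTH" ""            || true
echo "default config:";  audit_sniffer "$SAMPLE_DEFAULT" "$SAMPLE_ADDR" || true
```

The inet6 check matters because an interface can carry an IPv6 address even when no IPv4 address was ever configured on it.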