Re: ARP Poisoning

["brien mac" <aph3x () linuxmail org>]

On *nix based machines, you can setup static ARP entries. This of course only provides consistent protection if you're 
on a static connection. If you move, for instance a laptop (or even a desktop, but laptops are more likely to be moved) 
to another network segment, your default gateway's MAC address will most likely will be different. Unless you maunally 
enter a static ARP entry for the default gateway's IP each time you move to a new network segment, an ARP cache 
poisoning attack would still be possible between your machine and the default gateway... generally speaking, it would 
be possible between your machine and ANY other machine on the local LAN segment unless you setup a static entry for 
EVERY host on the local LAN segment. "man arp" for more details on setting up static entries.

On Windows machines, AKAIK, you can set a static ARP entry, but unfortunately, it does not stay static. Not too 
surprising considering Microsoft's lack of concern in the area of computer security.

Just my $.01 with 100% interest...

-Brien

> From security books I've read it's not hard to
> eavesdrop on network communication using tools like
> dsniff, even in a switched environment. My
> understanding is that it is accomplished quite easily
> by ARP poisoning your victim in thinking your
> machine's MAC as the router MAC & after interception,
> re-forwarding the traffic back to the true router MAC.
>
> Assuming the network environment is large (e.g.,
> configuring port switches for specific MAC addresses
> not practical) & desktop security cannot be guaranteed
> (and thereby cannot prevent people from allowing
> machines to IP forward), how can one defend against
> other than encrypting data.
 
> Thanks....Mike

-- 
______________________________________________
http://www.linuxmail.org/
Now with POP3/IMAP access for only US$19.95/yr

Powered by Outblaze