Security Basics mailing list archives
Re: ARP Poisoning
From: "brien mac" <aph3x () linuxmail org>
Date: Thu, 07 Nov 2002 18:59:56 -0400
On *nix based machines, you can set up static ARP entries. This of course only provides consistent protection if you're on a static connection. If you move, for instance, a laptop (or even a desktop, but laptops are more likely to be moved) to another network segment, your default gateway's MAC address will most likely be different. Unless you manually enter a static ARP entry for the default gateway's IP each time you move to a new network segment, an ARP cache poisoning attack would still be possible between your machine and the default gateway... generally speaking, it would be possible between your machine and ANY other machine on the local LAN segment unless you set up a static entry for EVERY host on the local LAN segment. "man arp" for more details on setting up static entries.
On Windows machines, AFAIK, you can set a static ARP entry, but unfortunately, it does not stay static. Not too surprising considering Microsoft's lack of concern in the area of computer security.
Just my $.01 with 100% interest...
-Brien
From security books I've read it's not hard to eavesdrop on network communication using tools like dsniff, even in a switched environment. My understanding is that it is accomplished quite easily by ARP poisoning your victim into thinking your machine's MAC is the router MAC & after interception, re-forwarding the traffic back to the true router MAC. Assuming the network environment is large (e.g., configuring port switches for specific MAC addresses not practical) & desktop security cannot be guaranteed (and thereby cannot prevent people from allowing machines to IP forward), how can one defend against it other than encrypting data?
Thanks....Mike
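The per-host static entries described in the reply above, as an added example that is not part of the original post: it compares an ARP cache in Linux `/proc/net/arp` format against a trusted IP-to-MAC inventory, reports mismatches, and prints the `arp -s` commands for entries not yet pinned. The sample table, addresses and inventory are constructed, and the inventory is assumed to have been collected out of band.

```python
# Added example: audit an ARP cache against a trusted IP->MAC inventory.
ATF_COM, ATF_PERM = 0x02, 0x04  # "complete" and "permanent" bits in the Flags column

# Constructed sample in /proc/net/arp format (documentation-range addresses).
SAMPLE_PROC_NET_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:bb:99     *        eth0
192.0.2.10       0x1         0x6         02:00:00:00:00:10     *        eth0
192.0.2.20       0x1         0x2         02:00:00:00:00:20     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Constructed inventory; assumed to be gathered out of band (e.g. from the console).
TRUSTED = {
    "192.0.2.1": "02:00:00:aa:bb:01",   # default gateway
    "192.0.2.10": "02:00:00:00:00:10",
    "192.0.2.20": "02:00:00:00:00:20",
}

def parse_arp_table(text):
    """Return {ip: (mac, flags, device)} for complete (resolved) entries only."""
    entries = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        flags = int(flags, 16)
        if flags & ATF_COM:
            entries[ip] = (mac.lower(), flags, dev)
    return entries

def audit(text, trusted):
    """Return (mismatches, pin_commands) for the hosts in the inventory."""
    cache = parse_arp_table(text)
    mismatches, pins = [], []
    for ip, good in sorted(trusted.items()):
        good = good.lower()
        seen = cache.get(ip)
        if seen and seen[0] != good:
            mismatches.append((ip, good, seen[0]))   # cache disagrees with inventory
        if not seen or seen[0] != good or not seen[1] & ATF_PERM:
            pins.append(f"arp -s {ip} {good}")       # entry is not yet static
    return mismatches, pins

if __name__ == "__main__":
    bad, pins = audit(SAMPLE_PROC_NET_ARP, TRUSTED)
    for ip, good, seen in bad:
        print(f"MISMATCH {ip}: inventory {good}, cache {seen}")
    print("\n".join(pins))
```

On a real host the input would be the contents of `/proc/net/arp`, and the inventory has to be rebuilt for each network segment the machine joins.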