Network Security – Defenses against arp spoofing



So, we’ve spent a couple articles talking about arp spoofing. It sounds really bad, it’s a frighteningly easy way to do a “mitm” or man in the middle attack and anyone using arp spoofing could capture ALL network traffic including passwords. There’s got to be an easy fix right? Um…. well. This is not something you’re going to want to read, but there aren’t a lot of good options. It’s possible to setup a static arp table. With a static arp table, a machine ( switch/router ) has a list of known good MAC addresses and which IP addresses they should match.


If you have a small number hardware on the network and there is little changing of hardware, AND you have static IP addresses this might be a good choice. For larger networks it might be too unwieldy to manage though. One approach would be to do a static arp entry for “important” machines. (Like the gateway?) So, this is likely not a reasonable approach for many. (Especially home/small business users.)

Another approach is to be creative with subnets and make sure that untrusted machines get put into a seperate subnet from “trusted” machines.

There is a program called arpwatch that can keep track of what arp/ip address pairings have been found on the network and will report new entries to the administrator. Unfortunately, this last item is not preventative, but will let you know if something odd is up. (Of course, depending on how you retrieve mail from the machine, IF the machine is arp poisoned, the attacker will likely know that the administrator is aware….)

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 16 - Learn about the enemy I remember I had a geography teacher once that was a former Marine and he said when he was growing up it was the height of the cold war and geography was interesting to him from a "know your enemy" point of view. That's a good concept to apply to......
  • What a week.... I think it's time to pass along a long story of what's gone on over the last week or so here and some of the reasons there hasn't been anything posted. Generally, I would say that work has been busy, but something happened last week that went a bit beyond......
  • Modern Computer Viruses are almost NEVER from whom they claim to be from This is one that I've probably talked about before, but it's worth rehashing because of a call I had this afternoon. A customer had been receiving phone calls and email messages from folks asking that he stop sending them a virus. Essentially all of the viruses were claiming to be......
Blog Traffic Exchange Related Websites
  • Why Get a Quilting Sewing Machine? Quilting is becoming a marvelous new hobby for many people. It is a great way to fill up extra time and learning how to do it is not that difficult. Once the task is mastered the process can become very rewarding. Quilting is not only a great way to fill......
  • How to Install a Home Security System: Most Common Pitfalls Installing a home security system might seem easy. To be sure, it’s a lot easier to install one today than it was just a decade ago. Inexpensive consumer electronics components combined with robust wireless technology means that even an amateur can put in a decent system. Just because it’s easy,......
  • Hackers breach security giant RSA’s network An interesting article by Silicon Republic about the recent RSA breach. EMC’s security division RSA has revealed its own network has been breached by hackers who launched an ‘extremely sophisticated’ attack that may have compromised the company’s SecureID authentication service. In a note to customers, executive chairman Art Coviello said......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site