Network Security – Defenses against arp spoofing



So, we’ve spent a couple articles talking about arp spoofing. It sounds really bad, it’s a frighteningly easy way to do a “mitm” or man in the middle attack and anyone using arp spoofing could capture ALL network traffic including passwords. There’s got to be an easy fix right? Um…. well. This is not something you’re going to want to read, but there aren’t a lot of good options. It’s possible to setup a static arp table. With a static arp table, a machine ( switch/router ) has a list of known good MAC addresses and which IP addresses they should match.


If you have a small number hardware on the network and there is little changing of hardware, AND you have static IP addresses this might be a good choice. For larger networks it might be too unwieldy to manage though. One approach would be to do a static arp entry for “important” machines. (Like the gateway?) So, this is likely not a reasonable approach for many. (Especially home/small business users.)

Another approach is to be creative with subnets and make sure that untrusted machines get put into a seperate subnet from “trusted” machines.

There is a program called arpwatch that can keep track of what arp/ip address pairings have been found on the network and will report new entries to the administrator. Unfortunately, this last item is not preventative, but will let you know if something odd is up. (Of course, depending on how you retrieve mail from the machine, IF the machine is arp poisoned, the attacker will likely know that the administrator is aware….)

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 16 - Learn about the enemy I remember I had a geography teacher once that was a former Marine and he said when he was growing up it was the height of the cold war and geography was interesting to him from a "know your enemy" point of view. That's a good concept to apply to......
  • What a week.... I think it's time to pass along a long story of what's gone on over the last week or so here and some of the reasons there hasn't been anything posted. Generally, I would say that work has been busy, but something happened last week that went a bit beyond......
  • Network Security guide for the home or small business network - Part 1 - A Hardware firewall Computers can communicate over networks. (Surprise!) That's how you're reading this post. The machine that this site is hosted on is listening for requests for connection. When it receives a request it answers back with a web page. In fact, computers can listen for a great many different kinds of......
Blog Traffic Exchange Related Websites
  • Antique Bicycles Antiques Antique bicycles, even ones as recent as the 1950s and 1960s, are highly sought out and prized among collectors today. Certain brands and types of bicycles are snapped up and restored by bike aficionados who pay far more for the bicycles than they cost when they were new. Some......
  • Hackers breach security giant RSA’s network An interesting article by Silicon Republic about the recent RSA breach. EMC’s security division RSA has revealed its own network has been breached by hackers who launched an ‘extremely sophisticated’ attack that may have compromised the company’s SecureID authentication service. In a note to customers, executive chairman Art Coviello said......
  • The Business of Upholstery Sewing Machines If you are in the business of upholstery, then you need an upholstery sewing machine like Singer 7442 sewing machine or brother sewing machines. You might try to cheap out and purchase a consumer sewing machine; however, these machines will not work for upholstery. The reason why they will not......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site