Network Security – Defenses against arp spoofing



So, we’ve spent a couple articles talking about arp spoofing. It sounds really bad, it’s a frighteningly easy way to do a “mitm” or man in the middle attack and anyone using arp spoofing could capture ALL network traffic including passwords. There’s got to be an easy fix right? Um…. well. This is not something you’re going to want to read, but there aren’t a lot of good options. It’s possible to setup a static arp table. With a static arp table, a machine ( switch/router ) has a list of known good MAC addresses and which IP addresses they should match.


If you have a small number hardware on the network and there is little changing of hardware, AND you have static IP addresses this might be a good choice. For larger networks it might be too unwieldy to manage though. One approach would be to do a static arp entry for “important” machines. (Like the gateway?) So, this is likely not a reasonable approach for many. (Especially home/small business users.)

Another approach is to be creative with subnets and make sure that untrusted machines get put into a seperate subnet from “trusted” machines.

There is a program called arpwatch that can keep track of what arp/ip address pairings have been found on the network and will report new entries to the administrator. Unfortunately, this last item is not preventative, but will let you know if something odd is up. (Of course, depending on how you retrieve mail from the machine, IF the machine is arp poisoned, the attacker will likely know that the administrator is aware….)

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 7 - Wireless Networking OK - the last couple of entries got into some heavy lifting and some real learning on your part. Learning about what software needs to run, what services are running, updating them to keep current on security patches. We even talked about securing services listening for outside connections and limiting......
  • Handy Online Network Tools Most of the time when I need to do a Dig or whois or traceroute I'm at a machine that I can use a good command line version of these essential network utilities. However, there are always times when you're at a PC or situation that is either missing some......
  • Pay per click hijacking Interesting article at lurhq.com on pay per click hijacking, which is really an extension on old DNS poisoning attacks. Essentially the DNS poisoning attack works like this... Every domain name on the internet is really just an easy way to access the machine address or IP address. So google.com right......
Blog Traffic Exchange Related Websites
  • Lobster Elite Model 3 Tennis Ball Machine One of the best ways to practice tennis is to use a ball machine, but these can be expensive. If you have your own home court, or you play at a public court system where there isn’t a ball machine on site, buying your own is an option that many......
  • Hackers breach security giant RSA’s network An interesting article by Silicon Republic about the recent RSA breach. EMC’s security division RSA has revealed its own network has been breached by hackers who launched an ‘extremely sophisticated’ attack that may have compromised the company’s SecureID authentication service. In a note to customers, executive chairman Art Coviello said......
  • How to Install a Home Security System: Most Common Pitfalls Installing a home security system might seem easy. To be sure, it’s a lot easier to install one today than it was just a decade ago. Inexpensive consumer electronics components combined with robust wireless technology means that even an amateur can put in a decent system. Just because it’s easy,......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site