Date: Sun, 22 Apr 2001 20:03:44 +0200 (MEST)
From: Pär Thoren
To: Dag-Erling Smorgrav
Cc: freebsd-security@freebsd.org
Subject: Re: static arp values

An attacker can ARP-poison my ARP cache with false information about which MAC address the gateway has. The attacker tells the ARP cache that the gateway IP has the MAC address of his NIC, then routes my traffic to the "real" gateway without my knowledge. He can then monitor my traffic. A static value for the MAC address of the gateway could prevent this. This is, again, on a switched Ethernet LAN.

/Pär

On 22 Apr 2001, Dag-Erling Smorgrav wrote:

> Pär Thoren writes:
> > But I can still sniff the connection between the machine with the static
> > arp value and the router. That is what I find strange.
>
> How do you expect a static ARP entry will prevent sniffing?
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
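A way to check a host for the condition this message describes, as an added example that is not part of the original post: it reads `arp -an` style text and reports whether the gateway entry matches a pinned MAC, whether that entry is static, and whether one MAC answers for several IPs. The function names, the addresses and the sample tables are constructed, and the assumed line format is noted in the comments.

```shell
#!/bin/sh
# Added example: audit `arp -an` style text (read on stdin) for a pinned gateway.
# Assumed line format: "? (IP) at MAC on IFACE [permanent] [ethernet]".

# check_gateway IP MAC -> 0 static and correct, 1 correct but dynamic
#                         (a forged reply can still overwrite it),
#                         2 MAC differs from the pinned one, 3 no entry
check_gateway() {
    awk -v ip="($1)" -v mac="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        $2 == ip {
            found = 1
            got = tolower($4)
            perm = ($0 ~ / permanent/)
        }
        END {
            if (!found)     exit 3
            if (got != mac) exit 2
            exit (perm ? 0 : 1)
        }'
}

# shared_macs: print every MAC that answers for more than one IP. A poisoned
# cache shows this when the intercepting NIC also has its own genuine entry.
shared_macs() {
    awk '$3 == "at" && $4 ~ /:/ {
            m = tolower($4)
            n[m]++
            ips[m] = ips[m] " " $2
        }
        END { for (m in n) if (n[m] > 1) print m ":" ips[m] }' | sort
}

# Constructed sample tables (placeholder addresses).
sample_clean() { cat <<'EOF'
? (10.0.0.1) at 00:a0:c9:11:22:33 on fxp0 permanent [ethernet]
? (10.0.0.23) at 00:d0:b7:44:55:66 on fxp0 [ethernet]
EOF
}
sample_poisoned() { cat <<'EOF'
? (10.0.0.1) at 00:d0:b7:44:55:66 on fxp0 [ethernet]
? (10.0.0.23) at 00:d0:b7:44:55:66 on fxp0 [ethernet]
EOF
}

# Demo on the constructed data; on a live host: arp -an | check_gateway IP MAC
sample_poisoned | shared_macs
```
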