Date: Tue, 19 Dec 2000 22:49:33 -0600 (CST)
From: Mike Silbersack
To: David Talkington
Cc: Chuck Rock
Subject: RE: What anti-sniffer measures do i have?

On Tue, 19 Dec 2000, David Talkington wrote:

> Play around with dsniff. On my test network at home, with two
> workstations (A and B) and a gateway router (C) on a 10/100 switch,
> I've been able to convince A that B was its router, and view A's
> traffic before sending it on to C. A putters away, and never even
> knows B is there. It's kinda scary.
>
> Far as I know, hard-coding an arp table is the only way to prevent
> that sort of thing ... someone please correct me if I'm wrong?
>
> -d

Out of curiosity, could you run arpwatch on one of the workstations
(preferably D, not one of the involved) and see if it detects the arp
oddity?

Mike "Silby" Silbersack
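
Added example, not part of the original thread: a Python sketch of the IP-to-MAC pairing check that a monitor such as arpwatch is built around, run over constructed ARP observations in which the gateway's address starts being announced by a workstation's MAC. The function names, alert labels, addresses and sample lines are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on the wire: "seconds sender-IP sender-MAC".
# 192.0.2.1 stands in for gateway C and 192.0.2.11 for workstation B.
SAMPLE = """\
0 192.0.2.1 00:00:5e:00:53:01
1 192.0.2.10 00:00:5e:00:53:0a
2 192.0.2.11 00:00:5e:00:53:0b
30 192.0.2.1 00:00:5e:00:53:0b
31 192.0.2.1 00:00:5e:00:53:01
32 192.0.2.1 00:00:5e:00:53:0b
"""

def parse(text):
    """Yield (ts, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()

def watch(observations):
    """Return one alert per change in an IP's announced MAC address."""
    current = {}                  # ip -> MAC most recently announced
    history = defaultdict(set)    # ip -> every MAC ever announced for it
    first_ip = {}                 # mac -> first IP that MAC announced
    alerts = []
    for ts, ip, mac in observations:
        old = current.get(ip)
        if old is not None and old != mac:
            # "changed": a MAC never seen for this IP; "flip_flop": a return to
            # an earlier one, typical when the real host keeps answering too.
            kind = "flip_flop" if mac in history[ip] else "changed"
            other = first_ip.get(mac)
            alerts.append({"ts": ts, "ip": ip, "kind": kind, "old": old, "new": mac,
                           # set when the new MAC already belongs to another host
                           "mac_also_at": other if other != ip else None})
        current[ip] = mac
        history[ip].add(mac)
        first_ip.setdefault(mac, ip)
    return alerts

if __name__ == "__main__":
    for alert in watch(parse(SAMPLE)):
        print(alert)
```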