From: "Joseph Gleason"
To: Pär Thoren
Subject: Re: static arp values
Date: Fri, 20 Apr 2001 13:55:51 -0400

When you do arp -a, is the static entry you set marked as permanent? Did you simulate another box taking that IP and look at the arp table afterward?

Also, you should be aware that some cards allow you to change the MAC address of the card. (At least I think so...never tried it) So an evil machine could steal the MAC address and fool the switch into sending it your traffic. Depending on how advanced your switch is and if it is manageable, you can hardcode what MAC address is on what port...avoid this one as well.

----- Original Message -----
From: "Pär Thoren"
Sent: Friday, April 20, 2001 13:13
Subject: static arp values

> Hi!
>
> Is it possible to make an arptable entry static? For example the arp address
> of my gateway. So that man-in-the-middle attack can be prevented.
>
> I've tried "arp -S ip-adres mac-adres" but it seems that it is still
> possible to infect the arptable with a false mac address of the gateway and
> sniff the connection.
>
> /Pär
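
The check the reply asks about (is the gateway's entry in the arp table still marked permanent, and does it still carry the expected MAC), as an added example that is not part of the original thread. The function name, the documentation-range address, the MACs and the sample lines are constructed, and the line layout "host (ip) at mac on ifname permanent [ethernet]" is an assumption about the arp -a output being checked.

```shell
#!/bin/sh
# check_gateway_arp IP MAC   (hypothetical helper, reads arp output on stdin)
# Exit status: 0 = entry is permanent and MAC matches
#              1 = entry exists but carries a different MAC
#              2 = MAC matches but the entry is not marked permanent
#              3 = no entry for IP
check_gateway_arp() {
    awk -v ip="$1" -v want="$2" '
    # Lower-case a MAC and drop leading zeros per octet, so 00:0A equals 0:a.
    function norm(mac,   n, parts, k, out) {
        n = split(tolower(mac), parts, ":")
        out = ""
        for (k = 1; k <= n; k++) {
            sub(/^0+/, "", parts[k])
            if (parts[k] == "") parts[k] = "0"
            out = out (k > 1 ? ":" : "") parts[k]
        }
        return out
    }
    $2 == ("(" ip ")") && $3 == "at" {
        found = 1
        if (norm($4) != norm(want)) { rc = 1; exit }
        rc = 2                                   # right MAC, flag not seen yet
        for (i = 5; i <= NF; i++) if ($i == "permanent") rc = 0
        exit
    }
    END { if (!found) rc = 3; exit rc }
    '
}

# Constructed sample output (assumed layout, made-up MACs).
SAMPLE_OK='gw.example.net (192.0.2.1) at 00:a0:c9:12:34:56 on fxp0 permanent [ethernet]
? (192.0.2.20) at 0:d0:b7:aa:bb:cc on fxp0 [ethernet]'
SAMPLE_REPLACED='gw.example.net (192.0.2.1) at 0:d0:b7:aa:bb:cc on fxp0 [ethernet]'

# On a live host the input would come from: arp -an | check_gateway_arp IP MAC
rc=0; printf '%s\n' "$SAMPLE_OK" | check_gateway_arp 192.0.2.1 0:a0:c9:12:34:56 || rc=$?
echo "static entry intact: status $rc"
rc=0; printf '%s\n' "$SAMPLE_REPLACED" | check_gateway_arp 192.0.2.1 0:a0:c9:12:34:56 || rc=$?
echo "gateway MAC replaced: status $rc"
```
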