Date: Fri, 20 Apr 2001 22:38:23 +0200 (MEST) From: =?ISO-8859-1?Q?P=E4r_Thoren?= <t98pth@student.bth.se> To: Joseph Gleason <clash@tasam.com> Cc: freebsd-security@freebsd.org Subject: Re: static arp values Message-ID: <Pine.GSO.4.21.0104202231540.27489-100000@helios> In-Reply-To: <007b01c0c9c3$238fb480$dc02010a@battleship>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 20 Apr 2001, Joseph Gleason wrote: > When you do arp -a, is the static entry you set marked as permanent? yes it is >=20 > Did you simulate anouther box taking that IP and look at the arp table > afterward? >=20 Yes I did. And the arp is infact what it is suppose to be. So it appear static. (when i did the same thing on w2k, arp -s, the mac adress=20 changed). But I can still sniff the connection between the machine with the static arp value and the router. That is what I find strange. I simulate the man-in-the-middle attack with ettercap by the way. > Also, you should be aware that some cards allow you to change the MAC > address of the card. (At least I think so...never tried it) So an evil > machine could steal the MAC address and fool the switch into sending it y= our > traffic. >=20 > Depending on how advanced your switch is and if it is managable, you can > hardcode what MAC address is on what port...avoid this one as well. >=20 > ----- Original Message ----- > From: "P=E4r Thoren" <t98pth@student.bth.se> > To: <freebsd-security@FreeBSD.ORG> > Sent: Friday, April 20, 2001 13:13 > Subject: static arp values >=20 >=20 > > Hi! > > > > > > Is it possible to make a arptable entry static? For example the arp adr= ess > > of my gateway. So that man-in-the-middle attack can be prevented. > > > > > > I=B4ve tried "arp -S ip-adres mac-adres" but it seems that it is still > > possible to infect the arptable with a false mac adress of the gateway = and > > sniff the connection. > > > > > > /P=E4r > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.21.0104202231540.27489-100000>