Date: Fri, 20 Apr 2001 22:38:23 +0200 (MEST)
From: Pär Thoren
To: Joseph Gleason
Cc: freebsd-security@freebsd.org
Subject: Re: static arp values

On Fri, 20 Apr 2001, Joseph Gleason wrote:

> When you do arp -a, is the static entry you set marked as permanent?

Yes, it is.

> Did you simulate another box taking that IP and look at the arp table
> afterward?

Yes I did. And the arp is in fact what it is supposed to be. So it
appears static. (When I did the same thing on w2k, arp -s, the MAC
address changed.) But I can still sniff the connection between the
machine with the static arp value and the router. That is what I find
strange. I simulate the man-in-the-middle attack with ettercap, by the
way.

> Also, you should be aware that some cards allow you to change the MAC
> address of the card. (At least I think so...never tried it) So an evil
> machine could steal the MAC address and fool the switch into sending it
> your traffic.
>
> Depending on how advanced your switch is and if it is manageable, you
> can hardcode what MAC address is on what port...avoid this one as well.
>
> ----- Original Message -----
> From: "Pär Thoren"
> To:
> Sent: Friday, April 20, 2001 13:13
> Subject: static arp values
>
> > Hi!
> >
> > Is it possible to make an arptable entry static? For example the ARP
> > address of my gateway. So that a man-in-the-middle attack can be
> > prevented.
> >
> > I've tried "arp -S ip-adres mac-adres" but it seems that it is still
> > possible to infect the arptable with a false MAC address of the
> > gateway and sniff the connection.
> >
> > /Pär

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
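
The check discussed in this thread (is the gateway entry in `arp -a` still permanent and still the expected MAC?) can be scripted. The following is an added example, not part of the original messages; the sample `arp -a` output, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of FreeBSD-style `arp -a` output (not from the thread).
SAMPLE_ARP_A = """\
? (192.0.2.1) at 00:a0:c9:12:34:56 on fxp0 permanent [ethernet]
? (192.0.2.20) at 0:10:5a:aa:bb:cc on fxp0 expires in 1100 seconds [ethernet]
? (192.0.2.30) at 00:10:5a:aa:bb:cc on fxp0 expires in 900 seconds [ethernet]
? (192.0.2.40) at (incomplete) on fxp0 expired [ethernet]
"""

ENTRY = re.compile(r"^\S+ \((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]+)(?P<rest>.*)$")

def norm_mac(mac):
    """Zero-pad and lowercase each octet so 0:10:5a == 00:10:5A."""
    return ":".join(f"{int(o, 16):02x}" for o in mac.split(":"))

def parse_arp(text):
    """Return {ip: (mac, is_permanent)}; incomplete entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            table[m["ip"]] = (norm_mac(m["mac"]), "permanent" in m["rest"].split())
    return table

def audit(text, gateway_ip, gateway_mac):
    """List findings for the pinned gateway entry and for MACs shared by several IPs."""
    table = parse_arp(text)
    findings = []
    entry = table.get(gateway_ip)
    if entry is None:
        findings.append(f"no entry for gateway {gateway_ip}")
    else:
        mac, permanent = entry
        if mac != norm_mac(gateway_mac):
            findings.append(f"gateway {gateway_ip} maps to {mac}, expected {norm_mac(gateway_mac)}")
        if not permanent:
            findings.append(f"gateway {gateway_ip} entry is not permanent")
    # One MAC answering for several IPs is worth a look (it can also be legitimate).
    by_mac = defaultdict(list)
    for ip, (mac, _) in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{mac} is claimed by {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ARP_A, "192.0.2.1", "00:A0:C9:12:34:56"):
        print(finding)
```

This only inspects the local table of the host it runs on; it says nothing about the ARP table on the gateway or on any other machine.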