Date: Sat, 21 Apr 2001 16:56:20 +0700
From: Igor Podlesny <poige@morning.ru>
To: freebsd-security@FreeBSD.ORG
Subject: Re[2]: static arp values
Message-ID: <1972094846.20010421165620@morning.ru>
PT> On Fri, 20 Apr 2001, Joseph Gleason wrote:
>> When you do arp -a, is the static entry you set marked as permanent?
PT> yes it is
>>
>> Did you simulate another box taking that IP and look at the arp table
>> afterward?
>>
PT> Yes I did. And the arp is in fact what it is supposed to be. So it appears
PT> static. (when I did the same thing on w2k, arp -s, the mac address
PT> changed).
PT> But I can still sniff the connection between the machine with the static
PT> arp value and the router. That is what I find strange.

hm. it seems you need to know how ETHERNET networks work. No matter whether a
box knows the MAC addr of the other box or asks the network for it, in the
end they will talk to each other over SHARED media, which ETHERNET certainly
is. You may use `Switches' to avoid such a situation; some of them can even
be configured to bind their ports to respective MAC addrs, but some cards can
be MAC changeable, as "Joseph Gleason" <clash@tasam.com> mentioned before...

In short, all these gotchas are drawbacks of Ethernet technology. If you use
it, the only way to be 99% protected is to use VPN technology over it.

good luck!

PT> I simulate the man-in-the-middle attack with ettercap by the way.
>> Also, you should be aware that some cards allow you to change the MAC
>> address of the card. (At least I think so...never tried it) So an evil
>> machine could steal the MAC address and fool the switch into sending it your
>> traffic.
>>
>> Depending on how advanced your switch is and if it is manageable, you can
>> hardcode what MAC address is on what port...avoid this one as well.
>>
>> ----- Original Message -----
>> From: "Pär Thoren" <t98pth@student.bth.se>
>> To: <freebsd-security@FreeBSD.ORG>
>> Sent: Friday, April 20, 2001 13:13
>> Subject: static arp values
>>
>> > Hi!
>> >
>> > Is it possible to make an arptable entry static? For example the arp address
>> > of my gateway. So that a man-in-the-middle attack can be prevented.
>> >
>> > I've tried "arp -S ip-adres mac-adres" but it seems that it is still
>> > possible to infect the arptable with a false mac address of the gateway and
>> > sniff the connection.
>> >
>> > /Pär

-- 
Igor                          mailto:poige@morning.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
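The thread's point is that a permanent entry only fixes the local cache, so a defender still wants to notice when that cache disagrees with what was pinned. The following is an added example, not code from the thread: a Python checker that parses FreeBSD `arp -an` output, compares pinned bindings such as the gateway against the live table, and flags a MAC that answers for several IPs. The line shape and the sample tables are constructed assumptions.

```python
import re
from typing import Dict, List

# Shape of a FreeBSD `arp -an` line assumed for this example (not from the thread):
#   ? (192.168.0.1) at 00:0c:29:12:34:56 on em0 permanent [ethernet]
ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<ifname>\S+) "
    r"(?P<state>permanent|expires in \d+ seconds)"
)

def parse_arp_table(text: str) -> List[dict]:
    """Parse `arp -an` output into dicts with ip, mac, ifname and a permanent flag."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            e = m.groupdict()
            e["permanent"] = e.pop("state") == "permanent"
            entries.append(e)
    return entries

def check_arp_table(text: str, pinned: Dict[str, str]) -> List[str]:
    """Compare the live table with pinned ip->mac bindings; empty list means clean."""
    findings = []
    entries = parse_arp_table(text)
    by_ip = {e["ip"]: e for e in entries}
    for ip, want in pinned.items():
        e = by_ip.get(ip)
        if e is None:
            findings.append(f"{ip}: pinned host missing from ARP table")
        elif e["mac"] != want.lower():
            findings.append(f"{ip}: MAC {e['mac']} differs from pinned {want.lower()}")
        elif not e["permanent"]:
            findings.append(f"{ip}: entry is not permanent, the arp -S binding was lost")
    # Heuristic: one MAC answering for several IPs is the usual poisoning footprint
    # (a router that legitimately owns several addresses would be a false positive).
    ips_by_mac: Dict[str, List[str]] = {}
    for e in entries:
        ips_by_mac.setdefault(e["mac"], []).append(e["ip"])
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac}: claims several IPs {sorted(ips)}")
    return findings

# Constructed sample tables (not real captures); the gateway 192.168.0.1 is pinned.
PINNED = {"192.168.0.1": "00:0c:29:12:34:56"}
CLEAN = ("? (192.168.0.1) at 00:0c:29:12:34:56 on em0 permanent [ethernet]\n"
         "? (192.168.0.7) at 00:0c:29:ab:cd:ef on em0 expires in 1190 seconds [ethernet]\n")
POISONED = ("? (192.168.0.1) at 00:0c:29:ab:cd:ef on em0 expires in 1175 seconds [ethernet]\n"
            "? (192.168.0.7) at 00:0c:29:ab:cd:ef on em0 expires in 1190 seconds [ethernet]\n")
```

Run it from cron against the real `arp -an` output and alert on any non-empty result; as Igor notes, this only tells you the cache changed, it does not stop traffic already on the shared segment.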