Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
Protection Against Arp Poisoning...
Posted 16 March 2005 - 04:46 AM
EDIT: Just found this is already been covered on GovSec in the past. Im currently reading this paper that was recommended: http://www.cs.sjsu.e...ilky_report.pdf
However, i would like to hear from peoples experience on protecting against ARP poisoning and tools they have used.
Posted 16 March 2005 - 06:36 AM
check the mac address of the most juicy host in your subnet (i.e. gateway , domain controller)
then arp -a on your pc ..
if there are differences you are poisoned ..
Posted 16 March 2005 - 06:56 AM
Posted 16 March 2005 - 07:12 AM
Btw did u note with cain u can sniff only hashes of yahoo mail and no plaintext on lan even if u arent using secure login . Gmail sends plain text HOTMAIL sends plain text out and most others do . But yahoo hashes b4r sending maybe md5 i think . Only thing i like bat yahoo
Posted 16 March 2005 - 07:29 AM
belgther... aka... belgther
Posted 16 March 2005 - 07:44 AM
about yahoo you are right the pass is double MD5 hashed plus a challenge that changes
at any new connection ..
Posted 16 March 2005 - 07:51 AM
Posted 17 March 2005 - 09:45 AM
static ARP tables can solve the solution of ARP Poisoning, thus disabling ARP protocol which prevents ARP Poisoning, too. The packets can be blocked by personal & router firewalls. Fancy, but possible...
Yes but if you have a windows network, it s noticed with arp-sk it is possible to modify static ARP tables.
I think the best solution is to use ssl or vpn or anything like that to secure data from the network. And it s the easier solution than filter all MAC adress. It use more ressources I think ...
Posted 11 July 2005 - 02:27 PM
Posted 11 July 2005 - 08:56 PM
Posted 12 July 2005 - 04:38 PM
If you don't hit the clients then dsnif for C&A can fool clients into thinking they are the gateway still and get lots of juicy info. I wonder if there is a way to do this with DHCP, send out the default GW and the MAC of that GW. But the GW is not the only thing worth protecting all servers and resources would be nice to protect too.
BTW, arpwatch is great for keeping an eye on this but when someone does start futzing it become almost too noisy with e-mails and log messages, you have to dial down the settings to make sure it doesn't flood out too much crap.
The gopher is back!
Posted 12 July 2005 - 06:55 PM
but this will solve the probleme of a man in the middle that is waiting for things like passwords in clear text but i'm not sure this will also help for the smart spoofing attack.
but maybe anyone had test this before?
Posted 12 July 2005 - 07:14 PM
But IPSEC could still be disrupted in any case as you could redirect traffic through you, and if any new man in the middle attacks come out then you would be sitting in the right place.
The gopher is back!
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users