Defending ARP Spoofing

Subject Author Date
Defending ARP Spoofing Chris 11-06-2005
Posted by Chris on November 6, 2005, 9:10 pm
Hi all,

I want to build up a resource containing all possibilities to defend ARP
spoofing. As I think ARP spoofing is one of the most powerful, easiest
and underestimated attacks I want to know all your tricks, patches,
anything that you know/apply to defend ARP spoofing.

I know the standard things to do (like static ARP entries and so on),
what I want to know from you is something like:

-OS x has a patch y which helps prevent ARP spoofing (like antidote)
or
-OS x in version y has a small built in ARP prevention (like SunOS)
or
-Firewall/IDS x is able to prevent/detect ARP spoofing

Also welcome are new thoughts about ARP spoofing prevention (like S-ARP
or Secure Link Layer).

Give me all your information, tricks and tips, so I can build up a
complete resource.

Thanks a lot,
Chris


Posted by Casey Klc on November 6, 2005, 8:52 pm
says...
> Hi all,
>
> I want to build up a resource containing all possibilities to defend ARP
> spoofing. As I think ARP spoofing is one of the most powerful, easiest
> and underestimated attacks I want to know all your tricks, patches,
> anything that you know/apply to defend ARP spoofing.
>
> I know the standard things to do (like static ARP entries and so on),
> what I want to know from you is something like:
>
> -OS x has a patch y which helps prevent ARP spoofing (like antidote)
> or
> -OS x in version y has a small built in ARP prevention (like SunOS)
> or
> -Firewall/IDS x is able to prevent/detect ARP spoofing
>
> Also welcome are new thoughts about ARP spoofing prevention (like S-ARP
> or Secure Link Layer).
>
> Give me all your information, tricks and tips, so I can build up a
> complete resource.
>
> Thanks a lot,
> Chris
>
Quote...
Using IPv6, IPsec or static ARP records can be effective methods of defence
against ARP spoofing attacks.
end quote..
http://en.wikipedia.org/wiki/ARP_spoofing
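
The static-binding idea mentioned in this thread, as an added example that is not part of any poster's message: a passive check that parses raw ARP frames and flags claims that contradict a pinned IP-to-MAC table or a previously seen binding. The addresses, the `STATIC_BINDINGS` table and the `build` helper are constructed for illustration; the check only detects conflicts and prevents nothing by itself.

```python
import struct

# Assumption: pinned IP->MAC pairs, the same data a static ARP entry would hold.
STATIC_BINDINGS = {"192.168.1.1": "00:11:22:33:44:55"}

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(frame[6:12]), "op": op, "sha": mac(sha),
            "spa": ip(spa), "tpa": ip(tpa)}

def check(frames, static=STATIC_BINDINGS):
    """Return (index, reason, ip, mac) alerts for ARP claims that break a binding."""
    learned, alerts = {}, []
    for n, frame in enumerate(frames):
        p = parse_arp(frame)
        if p is None:
            continue
        if p["eth_src"] != p["sha"]:  # Ethernet header and ARP payload disagree
            alerts.append((n, "eth-src/sender-mac mismatch", p["spa"], p["sha"]))
        pinned = static.get(p["spa"])
        if pinned and pinned != p["sha"]:
            alerts.append((n, "conflicts with static entry", p["spa"], p["sha"]))
        elif not pinned and learned.setdefault(p["spa"], p["sha"]) != p["sha"]:
            alerts.append((n, "binding changed", p["spa"], p["sha"]))
    return alerts

def build(src, spa, tpa, eth_src=None, op=2):
    """Constructed test data: bytes of an ARP frame as a capture would hold them."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(int(x) for x in i.split("."))
    return (b"\xff" * 6 + h(eth_src or src)
            + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + h(src) + a(spa) + b"\x00" * 6 + a(tpa))

SAMPLE = [  # constructed capture: frames 1 and 3 contradict earlier bindings
    build("00:11:22:33:44:55", "192.168.1.1", "192.168.1.20"),
    build("de:ad:be:ef:00:01", "192.168.1.1", "192.168.1.20"),
    build("aa:bb:cc:00:00:02", "192.168.1.30", "192.168.1.1"),
    build("de:ad:be:ef:00:01", "192.168.1.30", "192.168.1.1"),
]
```

`check(SAMPLE)` reports frame 1 against the pinned gateway entry and frame 3 as a changed binding for an unpinned host.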


Posted by Patrick Schaaf on November 6, 2005, 9:12 pm

>Also welcome are new thoughts about ARP spoofing prevention

Don't put things together in a single LAN, which don't belong together
in a single LAN.

ARP spoofing prevented. You can close your survey.

best regards
Patrick


Posted by Volker Birk on November 6, 2005, 10:14 pm
> I want to build up a resource containing all possibilities to defend ARP
> spoofing.

Then use 802.1X and fixed MACs on each port.

Yours,
VB.
--
"I am a free person and will now make use of my civil liberties
- and extensively so - of course only within the limits that
Otto Schily still leaves me."
Wolfgang Clement on 10.10.05, while still "superminister"


Posted by Juergen P. Meier on November 6, 2005, 10:39 pm
["Followup-To:" header set to comp.security.misc.]

Multi-Language Hierarchy crossposting. Please feel free to fup in the
language and hierarchy you prefer.

> I want to build up a resource containing all possibilities to defend ARP
> spoofing. As I think ARP spoofing is one of the most powerful, easiest
> and underestimated attacks I want to know all your tricks, patches,
> anything that you know/apply to defend ARP spoofing.

The very best defense against ARP spoofing is to make sure your
network design and security concept does not rely on MAC addresses for
any of the following: Authentication, Authorisation, Identification.

> I know the standard things to do (like static ARP entries and so on),

Apparently not. The standard thing to do is to make your
network design (and security concept) immune to this kind of threat.

> what I want to know from you is something like:
>
> -OS x has a patch y which helps prevent ARP spoofing (like antidote)
> or

What makes you think the bad guy would install such a patch? How would
you enforce installation? How can you enforce that only stations with
such a patch participate in your network?

> -OS x in version y has a small built in ARP prevention (like SunOS)
> or

What are you talking about?

> -Firewall/IDS x is able to prevent/detect ARP spoofing

Unlikely if the spoofing entity has any brains at all. (i.e. you can
only catch complete dorks this way ;)

> Also welcome are new thoughts about ARP spoofing prevention (like S-ARP
> or Secure Link Layer).

Simply separate your Authentication and Authorisation from Ethernet
layer parameters. This has been the way to make yourself immune against
ARP spoofing attacks for decades now. IPSEC is one of the many
technical solutions to accomplish this goal.

> Give me all your information, tricks and tips, so I can build up a
> complete resource.

Give me all your money, bonds and deeds, so I can provide you with a
complete response ;-)

Juergen
--
Juergen P. Meier - "This World is about to be Destroyed!"
end
If you think technology can solve your problems you don't understand
technology and you don't understand your problems. (Bruce Schneier)

