Protection against arp spoofing Post: 302586383

Sponsored Content

Special Forums IP Networking Protection against arp spoofing Post 302586383 by chrisperry on Sunday 1st of January 2012 11:25:39 AM

01-01-2012

Registered User

Protection against arp spoofing

Hi, I'm trying to find a way to protect my network against arp spoofing.

What it is:
An attacker sends fake arp packets in the network, identifying himself as the router. All network traffic is then redirected to this attacker.

How to protect myself:
In my opinion, the best possible protection is arptables firewall running on my router. But I'm not sure hot to set it up properly. It sholud be simillar to iptables, so I tried:

Code:

arptables -P INPUT DROP
arptables -P OUTPUT DROP
arptables -A INPUT -s 192.168.1.1 --source-mac MAC:OF:MY:ROUTER -j ACCEPT
arptables -A OUTPUT -d 192.168.1.1 --destination-mac MAC:OF:MY:ROUTER -j ACCEPT

So all arp packets are dropped (default policy DROP, first two lines) and only those coming from or to my router (= valid ones) are allowed.
But for some reason, my whole network collapses after executing this command. Any idea what is wrong?

Last edited by DukeNuke2; 01-01-2012 at 01:01 PM..

chrisperry

View Public Profile for chrisperry

Find all posts by chrisperry

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Spoofing paths.

There is a program that I am trying to run on a shell account. It depends on another program, which I have also copied to the shell account. Both are in my home directory, yet the first program has a different path hardcoded into it, which I cannot use because of permissions problems. How can I...

2. UNIX for Dummies Questions & Answers

Spoofing a From Address in SMTP

Hi, I am currently using Mailx to send a mail message from my unix account via an SMTP relay. This is working ok. However from the recipient end the FROM address they see on mails received is <unix account>@<domain> eg prod@liveserver.com Is there anyway I can spoof this FROM address from the...

3. Cybersecurity

Help Make a spoofing DNS using pcap library

Hello all, i need your quick help. I have assignment project class to make a program using pcap library to spoofing DNS in linux environment. Can anyone help me, because i'm newbie in network security and in C?:confused: Regards, ptrfw

4. Cybersecurity

MAC Address spoofing

There is a question in the SCO section asking for information on how to change the MAC address of a NIC. Is there a valid reason for wanting to change the MAC address?

5. Solaris

MAC spoofing a virtual NIC on Solaris 5.0

Hi everybody! I'm facing a problem and I doubt about the solution (I'm not very familiar with old *NIXs). An external network supplier (let's call them "telco") just installed new communication components that filters MAC addresses. I have a Solaris 5 server, with 1 NIC (hte0) which is...

6. OS X (Apple)

ethernet mac spoofing

I tried to use the command sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx to do mac spoofing for internet connection in my office. It works only for 5 minutes. Every time after about 5mins, the Internet will be disconnected. :wall: Any one knows how to solve this problem? Thanks.

7. UNIX for Dummies Questions & Answers

Running into problems while spoofing IP Address

I have a machine (IP:192.168.1.185) and i want to send spoofed IP address (e.g. 192.168.1.212) to another machine(192.168.1.213) . I am using a spoofing program for this which uses raw sockets. Now whenever i pass the parameters(spoofed ip addr and destination) to the output of the program, i...

LEARN ABOUT DEBIAN

net::arp

ARP(3pm)						User Contributed Perl Documentation						  ARP(3pm)

NAME

       ARP - Perl extension for creating ARP packets

SYNOPSIS

	 use Net::ARP;
	 Net::ARP::send_packet('lo',		     # Device
			       '127.0.0.1',	     # Source IP
			       '127.0.0.1',	     # Destination IP
			       'aa:bb:cc:aa:bb:cc',  # Source MAC
			       'aa:bb:cc:aa:bb:cc',  # Destinaton MAC
			       'reply');	     # ARP operation

       $mac = Net::ARP::get_mac("eth0");

       print "$mac
";

       $mac = Net::ARP::arp_lookup($dev,"192.168.1.1");

       print "192.168.1.1 has got mac $mac
";

   IMPORTANT
       Version 1.0 will break with the API of PRE-1.0 versions, because the return value of arp_lookup() and get_mac() will no longer be passed as
       parameter, but returned!  I hope this decision is ok as long as we get a cleaner and more perlish API.

   DESCRIPTION
       This module can be used to create and send ARP packets and to get the mac address of an ethernet interface or ip address.

       send_packet()
	     Net::ARP::send_packet('lo',		 # Device
				   '127.0.0.1', 	 # Source IP
				   '127.0.0.1', 	 # Destination IP
				   'aa:bb:cc:aa:bb:cc',  # Source MAC
				   'aa:bb:cc:aa:bb:cc',  # Destinaton MAC
				   'reply');		 # ARP operation

	     I think this is self documentating.
	     ARP operation can be one of the following values:
	     request, reply, revrequest, revreply, invrequest, invreply.
	     The default ARP operation is reply.

       get_mac()
	     $mac = Net::ARP::get_mac("eth0");

	     This gets the MAC address of the eth0 interface and stores
	     it in the variable $mac. The return value is "unknown" if
	     the mac cannot be looked up.

       arp_lookup()
	     $mac = Net::ARP::arp_lookup($dev,"192.168.1.1");

	     This looks up the MAC address for the ip address 192.168.1.1
	     and stores it in the variable $mac. The return value is
	     "unknown" if the mac cannot be looked up.

SEE ALSO

	man -a arp

AUTHOR

	Bastian Ballmann [ Balle@chaostal.de ]
	http://www.datenterrorist.de

COPYRIGHT AND LICENSE

       Copyright (C) 2004-2007 by Bastian Ballmann

       This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.1 or,
       at your option, any later version of Perl 5 you may have available.

perl v5.14.2							    2009-04-24								  ARP(3pm)