Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Protection against arp spoofing
Special Forums IP Networking Protection against arp spoofing Post 302586383 by chrisperry on Sunday 1st of January 2012 11:25:39 AM
Old 01-01-2012
Protection against arp spoofing
Hi, I'm trying to find a way to protect my network against arp spoofing.

What it is:
An attacker sends fake arp packets in the network, identifying himself as the router. All network traffic is then redirected to this attacker.

How to protect myself:
In my opinion, the best possible protection is arptables firewall running on my router. But I'm not sure hot to set it up properly. It sholud be simillar to iptables, so I tried:

Code:
arptables -P INPUT DROP
arptables -P OUTPUT DROP
arptables -A INPUT -s 192.168.1.1 --source-mac MAC:OF:MY:ROUTER -j ACCEPT
arptables -A OUTPUT -d 192.168.1.1 --destination-mac MAC:OF:MY:ROUTER -j ACCEPT

So all arp packets are dropped (default policy DROP, first two lines) and only those coming from or to my router (= valid ones) are allowed.
But for some reason, my whole network collapses after executing this command. Any idea what is wrong?
Last edited by DukeNuke2; 01-01-2012 at 01:01 PM..
 

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Spoofing paths.

There is a program that I am trying to run on a shell account. It depends on another program, which I have also copied to the shell account. Both are in my home directory, yet the first program has a different path hardcoded into it, which I cannot use because of permissions problems. How can I... (3 Replies)
Discussion started by: fahadsadah
3 Replies

2. UNIX for Dummies Questions & Answers

Spoofing a From Address in SMTP

Hi, I am currently using Mailx to send a mail message from my unix account via an SMTP relay. This is working ok. However from the recipient end the FROM address they see on mails received is <unix account>@<domain> eg prod@liveserver.com Is there anyway I can spoof this FROM address from the... (1 Reply)
Discussion started by: jimthompson
1 Replies

3. Cybersecurity

Help Make a spoofing DNS using pcap library

Hello all, i need your quick help. I have assignment project class to make a program using pcap library to spoofing DNS in linux environment. Can anyone help me, because i'm newbie in network security and in C?:confused: Regards, ptrfw (1 Reply)
Discussion started by: riska_bali
1 Replies

4. Cybersecurity

MAC Address spoofing

There is a question in the SCO section asking for information on how to change the MAC address of a NIC. Is there a valid reason for wanting to change the MAC address? (1 Reply)
Discussion started by: jgt
1 Replies

5. Solaris

MAC spoofing a virtual NIC on Solaris 5.0

Hi everybody! I'm facing a problem and I doubt about the solution (I'm not very familiar with old *NIXs). An external network supplier (let's call them "telco") just installed new communication components that filters MAC addresses. I have a Solaris 5 server, with 1 NIC (hte0) which is... (6 Replies)
Discussion started by: Isharfoxat
6 Replies

6. OS X (Apple)

ethernet mac spoofing

I tried to use the command sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx to do mac spoofing for internet connection in my office. It works only for 5 minutes. Every time after about 5mins, the Internet will be disconnected. :wall: Any one knows how to solve this problem? Thanks. (6 Replies)
Discussion started by: andrewust
6 Replies

7. UNIX for Dummies Questions & Answers

Running into problems while spoofing IP Address

I have a machine (IP:192.168.1.185) and i want to send spoofed IP address (e.g. 192.168.1.212) to another machine(192.168.1.213) . I am using a spoofing program for this which uses raw sockets. Now whenever i pass the parameters(spoofed ip addr and destination) to the output of the program, i... (2 Replies)
Discussion started by: syncmaster
2 Replies

LEARN ABOUT FREEBSD

gre

GRE(4)							   BSD Kernel Interfaces Manual 						    GRE(4)

NAME

     gre -- encapsulating network device

SYNOPSIS

     To compile the driver into the kernel, place the following line in the kernel configuration file:

	   device gre

     Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5):

	   if_gre_load="YES"

DESCRIPTION

     The gre network interface pseudo device encapsulates datagrams into IP.  These encapsulated datagrams are routed to a destination host, where
     they are decapsulated and further routed to their final destination.  The ``tunnel'' appears to the inner datagrams as one hop.

     gre interfaces are dynamically created and destroyed with the ifconfig(8) create and destroy subcommands.

     This driver corresponds to RFC 2784.  Encapsulated datagrams are prepended an outer datagram and a GRE header.  The GRE header specifies the
     type of the encapsulated datagram and thus allows for tunneling other protocols than IP.  GRE mode is also the default tunnel mode on Cisco
     routers.  gre also supports Cisco WCCP protocol, both version 1 and version 2.

     The gre interfaces support a number of additional parameters to the ifconfig(8):

     grekey	  Set the GRE key used for outgoing packets.  A value of 0 disables the key option.

     enable_csum  Enables checksum calculation for outgoing packets.

     enable_seq   Enables use of sequence number field in the GRE header for outgoing packets.

EXAMPLES

     192.168.1.* --- Router A  -------tunnel-------- Router B --- 192.168.2.*
						       /
			 			      /
			  +------ the Internet ------+

     Assuming router A has the (external) IP address A and the internal address 192.168.1.1, while router B has external address B and internal
     address 192.168.2.1, the following commands will configure the tunnel:

     On router A:

	   ifconfig greN create
	   ifconfig greN inet 192.168.1.1 192.168.2.1
	   ifconfig greN inet tunnel A B
	   route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1

     On router B:

	   ifconfig greN create
	   ifconfig greN inet 192.168.2.1 192.168.1.1
	   ifconfig greN inet tunnel B A
	   route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1

NOTES

     The MTU of gre interfaces is set to 1476 by default, to match the value used by Cisco routers.  This may not be an optimal value, depending
     on the link between the two tunnel endpoints.  It can be adjusted via ifconfig(8).

     For correct operation, the gre device needs a route to the decapsulating host that does not run over the tunnel, as this would be a loop.

     The kernel must be set to forward datagrams by setting the net.inet.ip.forwarding sysctl(8) variable to non-zero.

SEE ALSO

     gif(4), inet(4), ip(4), me(4), netintro(4), protocols(5), ifconfig(8), sysctl(8)

     A description of GRE encapsulation can be found in RFC 2784 and RFC 2890.

AUTHORS

     Andrey V. Elsukov <ae@FreeBSD.org>
     Heiko W.Rupp <hwr@pilhuhn.de>

BUGS

     The current implementation uses the key only for outgoing packets.  Incoming packets with a different key or without a key will be treated as
     if they would belong to this interface.

     The sequence number field also used only for outgoing packets.

BSD
								 November 7, 2014							       BSD
All times are GMT -4. The time now is 05:17 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy