Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Protection against arp spoofing
Special Forums IP Networking Protection against arp spoofing Post 302586383 by chrisperry on Sunday 1st of January 2012 11:25:39 AM
Old 01-01-2012
Protection against arp spoofing
Hi, I'm trying to find a way to protect my network against arp spoofing.

What it is:
An attacker sends fake arp packets in the network, identifying himself as the router. All network traffic is then redirected to this attacker.

How to protect myself:
In my opinion, the best possible protection is arptables firewall running on my router. But I'm not sure hot to set it up properly. It sholud be simillar to iptables, so I tried:

Code:
arptables -P INPUT DROP
arptables -P OUTPUT DROP
arptables -A INPUT -s 192.168.1.1 --source-mac MAC:OF:MY:ROUTER -j ACCEPT
arptables -A OUTPUT -d 192.168.1.1 --destination-mac MAC:OF:MY:ROUTER -j ACCEPT

So all arp packets are dropped (default policy DROP, first two lines) and only those coming from or to my router (= valid ones) are allowed.
But for some reason, my whole network collapses after executing this command. Any idea what is wrong?
Last edited by DukeNuke2; 01-01-2012 at 01:01 PM..
 

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Spoofing paths.

There is a program that I am trying to run on a shell account. It depends on another program, which I have also copied to the shell account. Both are in my home directory, yet the first program has a different path hardcoded into it, which I cannot use because of permissions problems. How can I... (3 Replies)
Discussion started by: fahadsadah
3 Replies

2. UNIX for Dummies Questions & Answers

Spoofing a From Address in SMTP

Hi, I am currently using Mailx to send a mail message from my unix account via an SMTP relay. This is working ok. However from the recipient end the FROM address they see on mails received is <unix account>@<domain> eg prod@liveserver.com Is there anyway I can spoof this FROM address from the... (1 Reply)
Discussion started by: jimthompson
1 Replies

3. Cybersecurity

Help Make a spoofing DNS using pcap library

Hello all, i need your quick help. I have assignment project class to make a program using pcap library to spoofing DNS in linux environment. Can anyone help me, because i'm newbie in network security and in C?:confused: Regards, ptrfw (1 Reply)
Discussion started by: riska_bali
1 Replies

4. Cybersecurity

MAC Address spoofing

There is a question in the SCO section asking for information on how to change the MAC address of a NIC. Is there a valid reason for wanting to change the MAC address? (1 Reply)
Discussion started by: jgt
1 Replies

5. Solaris

MAC spoofing a virtual NIC on Solaris 5.0

Hi everybody! I'm facing a problem and I doubt about the solution (I'm not very familiar with old *NIXs). An external network supplier (let's call them "telco") just installed new communication components that filters MAC addresses. I have a Solaris 5 server, with 1 NIC (hte0) which is... (6 Replies)
Discussion started by: Isharfoxat
6 Replies

6. OS X (Apple)

ethernet mac spoofing

I tried to use the command sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx to do mac spoofing for internet connection in my office. It works only for 5 minutes. Every time after about 5mins, the Internet will be disconnected. :wall: Any one knows how to solve this problem? Thanks. (6 Replies)
Discussion started by: andrewust
6 Replies

7. UNIX for Dummies Questions & Answers

Running into problems while spoofing IP Address

I have a machine (IP:192.168.1.185) and i want to send spoofed IP address (e.g. 192.168.1.212) to another machine(192.168.1.213) . I am using a spoofing program for this which uses raw sockets. Now whenever i pass the parameters(spoofed ip addr and destination) to the output of the program, i... (2 Replies)
Discussion started by: syncmaster
2 Replies

LEARN ABOUT ULTRIX

arp

arp(8c) 																   arp(8c)

Name
       arp - address resolution display and control

Syntax
       arp -a [vmunix] [kmem]
       arp [-d] hostname
       arp -f filename
       arp -s hostname ether_addr [temp] [pub] [trail]

Description
       The program displays and modifies the Internet-to-Ethernet address translation tables used by the address resolution protocol

       The hostname is the name of the host system for which information will be displayed or modified.

       With no flags, the program displays the current ARP entry for hostname.

Options
       -a   Displays current Address Resolution Protocol (ARP) entries from the specified name list and core files (next arguments).  If not spec-
	    ified, uses and respectively.

       -d   Deletes the entry for the host specified by name (next argument).

       -f   Reads information from the specified file (next argument) and modifies entries accordingly.  Entries in the file should be of the fol-
	    lowing form, with argument meanings as given previously:
	    hostname ether_addr [ temp ] [ pub ] [ trail ]

       -s   Creates an ARP entry for the host called hostname with the Ethernet address ether_addr.  The Ethernet address is given as six hexadec-
	    imal bytes separated by colons.  The entry will be permanent unless the word temp is given in the command.	If the word pub is  given,
	    the  entry will be published.  That is, the system will act as an ARP server, responding to requests for hostname even though the host
	    address is not its own.  The word trail indicates that trailer encapsulations may be sent to this host.

See Also
       arp(4p), ifconfig(8c)

																	   arp(8c)
All times are GMT -4. The time now is 04:29 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy