Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Protection against arp spoofing
Special Forums IP Networking Protection against arp spoofing Post 302586616 by chrisperry on Monday 2nd of January 2012 07:05:15 PM
Old 01-02-2012
There is only one router in that network, so all arp traffic is passing through it and it can be monitored and filtered.
Yes, the attacker must be on my local network, that's the idea. Arp spoofing is common on public hotspots, university networks etc.

But you are right, dropping all trafic is not a good solution.
Do you propose another protection?
 

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Spoofing paths.

There is a program that I am trying to run on a shell account. It depends on another program, which I have also copied to the shell account. Both are in my home directory, yet the first program has a different path hardcoded into it, which I cannot use because of permissions problems. How can I... (3 Replies)
Discussion started by: fahadsadah
3 Replies

2. UNIX for Dummies Questions & Answers

Spoofing a From Address in SMTP

Hi, I am currently using Mailx to send a mail message from my unix account via an SMTP relay. This is working ok. However from the recipient end the FROM address they see on mails received is <unix account>@<domain> eg prod@liveserver.com Is there anyway I can spoof this FROM address from the... (1 Reply)
Discussion started by: jimthompson
1 Replies

3. Cybersecurity

Help Make a spoofing DNS using pcap library

Hello all, i need your quick help. I have assignment project class to make a program using pcap library to spoofing DNS in linux environment. Can anyone help me, because i'm newbie in network security and in C?:confused: Regards, ptrfw (1 Reply)
Discussion started by: riska_bali
1 Replies

4. Cybersecurity

MAC Address spoofing

There is a question in the SCO section asking for information on how to change the MAC address of a NIC. Is there a valid reason for wanting to change the MAC address? (1 Reply)
Discussion started by: jgt
1 Replies

5. Solaris

MAC spoofing a virtual NIC on Solaris 5.0

Hi everybody! I'm facing a problem and I doubt about the solution (I'm not very familiar with old *NIXs). An external network supplier (let's call them "telco") just installed new communication components that filters MAC addresses. I have a Solaris 5 server, with 1 NIC (hte0) which is... (6 Replies)
Discussion started by: Isharfoxat
6 Replies

6. OS X (Apple)

ethernet mac spoofing

I tried to use the command sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx to do mac spoofing for internet connection in my office. It works only for 5 minutes. Every time after about 5mins, the Internet will be disconnected. :wall: Any one knows how to solve this problem? Thanks. (6 Replies)
Discussion started by: andrewust
6 Replies

7. UNIX for Dummies Questions & Answers

Running into problems while spoofing IP Address

I have a machine (IP:192.168.1.185) and i want to send spoofed IP address (e.g. 192.168.1.212) to another machine(192.168.1.213) . I am using a spoofing program for this which uses raw sockets. Now whenever i pass the parameters(spoofed ip addr and destination) to the output of the program, i... (2 Replies)
Discussion started by: syncmaster
2 Replies

LEARN ABOUT DEBIAN

netdiscover

netdiscover(8)							   User Commands						    netdiscover(8)

NAME

       netdiscover - an active/passive arp reconnaissance tool.

SYNOPSIS

       netdiscover [-i device] [-r range | -l file | -p] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-L]

DESCRIPTION

       netdiscover  is	an  active/passive  arp  reconnaissance  tool, initialy developed to gain information about wireless networks without dhcp
       servers in wardriving scenarios. It can also be used on switched networks. Built on top of libnet and  libpcap,	it  can  passively  detect
       online hosts or search for them by sending arp requests.

       Furthermore, it can be used to inspect your network's arp traffic, or find network addresses using auto scan mode, which will scan for com-
       mon local networks.

OPTIONS

       -i device
	      The network interface to sniff and inject packets. If no interface is specified, first available will be used.

       -r range
	      Scan a given range instead of auto scan. Valid range values area for example: 192.168.0.0/24, 192.168.0.0/16 or 192.168.0.0/8.

       -l file
	      Scan ranges contained on the given file, it must contain one range per line.

       -p     Enable passive mode. In passive mode, netdiscover does not send anything, but does only sniff.

       -s time
	      Sleep given time in milliseconds between each arp request injection. (default 1)

       -c count
	      Number of times to send each arp request. Useful for networks with packet loss, so it will scan given times for each host.

       -n node
	      Last ip octet of the source ip used for scanning. You can change it if the default host is already used. (allowed range: 2  to  253,
	      default 66)

       -S     Enable  sleep time suppression between each request. If set, netdiscover will sleep after having scanned 255 hosts instead of sleep-
	      ing after each one.  This mode was used in netdiscover 0.3 beta4 and before. Avoid this option in networks with packet loss,  or	in
	      wireless networks with low signal level. (also called hardcore mode)

       -f     Enable  fast  mode  scan. This will only scan for .1, .100 and .254 on each network. This mode is usefull while searching for ranges
	      being used.  After you found such range you can make a specific range scan to find online boxes.

       -d     Ignore configuration files at home dir, this will use defaults ranges and ips for autoscan and fast mode. See below for  information
	      about configuration files.

       -P     Produces	output	suitable to be redirected into a file or be parsed by another program, instead of using interactive mode. Enabling
	      this option, netdiscover will stop after scanning given ranges.

       -L     When using -P, continue program execution after the active scan phase to capture ARP packets passively.

USAGE

       If passive mode (-p), scan list (-l) or scan range (-r) options arent enabled, netdiscover will scan for common lan addresses.

       Screen control keys

       h      Show help screen

       j      Scroll down (or down arrow)

       k      Scroll up (or up arrow)

       a      Show arp replys list

       r      Show arp requests list

       q      Close help screen or end application

CONFIG FILES

       There are 2 configuration files that netdiscover will look for, each time it is executed, if file doesnt exist it will use default  values.
       You can use the -d switch to disable reading and loading configuration files.

       ~/.netdiscover/ranges
	      This  file  contains  a list of ranges (one per line) used for auto scan mode instead of default ranges. By default netdiscover will
	      use a list of common ranges used on local networks.

	      Example:
	       192.168.21.0/24
	       172.26.0.0/16
	       10.0.0.0/8

       ~/.netdiscover/fastips
	      List contaning the last octect of the ips to be scanned on each subnet, when using fast mode, by default (1,100,154).

	      Example:
	       1
	       10
	       25
	       254

AUTHOR

       netdiscover was written by Jaime Penalba Estebanez.

       This manual page was originaly written by Nicolas Weyland, for the Debian project. This man page has been merged into netdiscover  project,
       and modified from the original.

netdiscover							   February 2006						    netdiscover(8)
All times are GMT -4. The time now is 04:13 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy