Hi, I'm trying to find a way to protect my network against arp spoofing.
What it is:
An attacker sends fake arp packets in the network, identifying himself as the router. All network traffic is then redirected to this attacker.
How to protect myself:
In my opinion, the best possible protection is arptables firewall running on my router. But I'm not sure hot to set it up properly. It sholud be simillar to iptables, so I tried:
Code:
arptables -P INPUT DROP
arptables -P OUTPUT DROP
arptables -A INPUT -s 192.168.1.1 --source-mac MAC:OF:MY:ROUTER -j ACCEPT
arptables -A OUTPUT -d 192.168.1.1 --destination-mac MAC:OF:MY:ROUTER -j ACCEPT
So all arp packets are dropped (default policy DROP, first two lines) and only those coming from or to my router (= valid ones) are allowed.
But for some reason, my whole network collapses after executing this command. Any idea what is wrong?
Last edited by DukeNuke2; 01-01-2012 at 01:01 PM..
ARP packets aren't routed, they are local subnet traffic. So putting arptables on your gateway won't stop arp going anywhere else. This means an attacker would have to actually be on your local network to spoof arp, too.
If you do have some strange configuration where all arp must pass through your router and an attacker could attach to your local network from afar, there's a lot of important arp traffic that must be broadcasted, too, you can't cavalierly block everything except certain sources and destinations.
There is only one router in that network, so all arp traffic is passing through it and it can be monitored and filtered.
Yes, the attacker must be on my local network, that's the idea. Arp spoofing is common on public hotspots, university networks etc.
But you are right, dropping all trafic is not a good solution.
Do you propose another protection?
I have a machine (IP:192.168.1.185) and i want to send spoofed IP address (e.g. 192.168.1.212) to another machine(192.168.1.213) . I am using a spoofing program for this which uses raw sockets.
Now whenever i pass the parameters(spoofed ip addr and destination) to the output of the program, i... (2 Replies)
I tried to use the command
sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx
to do mac spoofing for internet connection in my office. It works only for 5 minutes. Every time after about 5mins, the Internet will be disconnected. :wall:
Any one knows how to solve this problem? Thanks. (6 Replies)
Hi everybody!
I'm facing a problem and I doubt about the solution (I'm not very familiar with old *NIXs).
An external network supplier (let's call them "telco") just installed new communication components that filters MAC addresses.
I have a Solaris 5 server, with 1 NIC (hte0) which is... (6 Replies)
There is a question in the SCO section asking for information on how to change the MAC address of a NIC. Is there a valid reason for wanting to change the MAC address? (1 Reply)
Hello all, i need your quick help. I have assignment project class to make a program using pcap library to spoofing DNS in linux environment. Can anyone help me, because i'm newbie in network security and in C?:confused:
Regards,
ptrfw (1 Reply)
Hi, I am currently using Mailx to send a mail message from my unix account via an SMTP relay. This is working ok.
However from the recipient end the FROM address they see on mails received is <unix account>@<domain> eg prod@liveserver.com
Is there anyway I can spoof this FROM address from the... (1 Reply)
There is a program that I am trying to run on a shell account. It depends on another program, which I have also copied to the shell account. Both are in my home directory, yet the first program has a different path hardcoded into it, which I cannot use because of permissions problems.
How can I... (3 Replies)
