ARP-spoofing defense

Topher Fischer javert42 at cs.byu.edu
Wed Mar 14 10:52:38 MDT 2007


I'm doing a little research project that uses ARP-spoofing to perform an
attack.  It's kind of unnerving to see how easy it is to perform a
man-in-the-middle attack with ARP-spoofing, and mess with somebody's
network traffic.

My first question is, does anybody here actively do anything to protect
their machines against ARP-spoofing?  Do you set static entries in your
ARP tables, or run any services to watch for unusual ARP activity?  Have
you made any adjustments to your router settings in this regard?

Also, in my mind, the solution to this problem seems too easy.  I must
be missing something.  Why do machines even pay attention to ARP replies
that they did not solicit?  Why isn't ARP just implemented so that when
a request is sent out, then any matching replies are processed and
nothing more?  What am I missing here?

-- 
Topher Fischer
GnuPG Fingerprint: 3597 1B8D C7A5 C5AF 2E19  EFF5 2FC3 BE99 D123 6674
javert42 at cs.byu.edu
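
Added example, not part of the original post: a small sketch of the policy asked about above (process only ARP replies that match a request this host sent), combined with watching for unusual ARP activity. The Arp tuple, PENDING_WINDOW, watch() and the sample traffic are assumptions made for illustration; a real monitor would parse ARP frames from a capture.

```python
from collections import namedtuple

# One observed ARP packet, already parsed (field names are assumptions).
Arp = namedtuple("Arp", "ts op sender_ip sender_mac target_ip")

REQUEST, REPLY = 1, 2    # ARP opcodes from RFC 826
PENDING_WINDOW = 2.0     # assumed: seconds a request of ours stays outstanding


def watch(events, my_ip):
    """Apply a solicited-replies-only policy; return (alerts, accepted bindings)."""
    pending = {}    # IP we asked about -> time we asked
    bindings = {}   # IP -> MAC accepted from a solicited reply
    alerts = []
    for e in events:
        if e.op == REQUEST:
            if e.sender_ip == my_ip:
                pending[e.target_ip] = e.ts
            continue
        if e.op != REPLY:
            continue
        asked = pending.get(e.sender_ip)
        if asked is None or not 0 <= e.ts - asked <= PENDING_WINDOW:
            # Nobody asked: ignore the reply, but record that it was seen.
            alerts.append((e.ts, "unsolicited-reply", e.sender_ip, e.sender_mac))
            continue
        known = bindings.get(e.sender_ip)
        if known is not None and known != e.sender_mac:
            # Two different MACs claimed this IP; keep the first, flag the second.
            alerts.append((e.ts, "binding-changed", e.sender_ip, e.sender_mac))
            continue
        bindings[e.sender_ip] = e.sender_mac
    return alerts, bindings


# Constructed sample traffic (documentation addresses), seen by host 192.0.2.10.
ME, GW = "192.0.2.10", "192.0.2.1"
MAC_ME, MAC_A, MAC_B = "00:00:5e:00:53:10", "00:00:5e:00:53:01", "00:00:5e:00:53:99"
SAMPLE = [
    Arp(0.0, REQUEST, ME, MAC_ME, GW),
    Arp(0.1, REPLY, GW, MAC_A, ME),      # solicited: accepted
    Arp(30.0, REPLY, GW, MAC_B, ME),     # no outstanding request
    Arp(60.0, REQUEST, ME, MAC_ME, GW),
    Arp(60.1, REPLY, GW, MAC_A, ME),     # solicited, matches known binding
    Arp(60.2, REPLY, GW, MAC_B, ME),     # inside request window, but MAC differs
]

if __name__ == "__main__":
    for alert in watch(SAMPLE, ME)[0]:
        print(alert)
```

The second alert marks the case the solicited-only rule does not settle alone: a reply that arrives inside the request window yet disagrees with the binding already accepted.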

