ARP-spoofing defense

Michael L Torrie torriem at chem.byu.edu
Wed Mar 14 11:09:13 MDT 2007


On Wed, 2007-03-14 at 10:07 -0700, Nicholas Leippe wrote:
> 
> This is an optimization.  Your host does this with the idea that if you do 
> decide to talk to one of these machines from which it has already seen ARP 
> traffic, it can skip that step.
> 
> As for man-in-the-middle, playing with ARP can cause disruption of services, 
> and could intercept insecure protocols.  Which is why for critical data, SSL 
> or other secure mechanism should be used.

Additionally, this is why SSL uses certificates that should be verified
to prove that the host is who it says it is. Also ssh key fingerprints
should always be verified.  How often do we ssh into a box and just
automatically type "yes" to the fingerprint authorization?

Michael
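
[Added example, not part of the original message.] One way to make the fingerprint check above mechanical rather than a reflexive "yes": compute the fingerprint of the key a host presents and compare it with one recorded out of band. The host name, the sample keys and the function names below are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def make_sample_line(seed: bytes, host: str = "box.example") -> str:
    """Build a CONSTRUCTED 'host type base64' line (not a real host key)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(hashlib.sha256(seed).digest())
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def fingerprints(line: str) -> dict:
    """Return SHA256 (current) and MD5 (legacy hex) fingerprints of a key line."""
    _host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    # The type named on the line must match the type embedded in the key blob.
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match the key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def verify_host_key(line: str, trusted_fingerprint: str) -> bool:
    """True only if the presented key matches the out-of-band fingerprint."""
    return trusted_fingerprint.strip() in fingerprints(line).values()


# Constructed sample data: the key the real host owns, and a different key
# such as a man-in-the-middle on the LAN would have to present instead.
LEGIT = make_sample_line(b"legit host")
SPOOFED = make_sample_line(b"someone else on the LAN")
TRUSTED = fingerprints(LEGIT)["sha256"]  # stands in for the value read off the console

if __name__ == "__main__":
    for name, line in (("expected key", LEGIT), ("unexpected key", SPOOFED)):
        ok = verify_host_key(line, TRUSTED)
        print(f"{name}: {fingerprints(line)['sha256']} -> {'accept' if ok else 'REJECT'}")
```
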

