ARP-spoofing defense

Corey Edwards tensai at zmonkey.org
Wed Mar 14 11:12:05 MDT 2007


On Wed, 2007-03-14 at 10:52 -0600, Topher Fischer wrote:
> Also, in my mind, the solution to this problem seems too easy.  I must
> be missing something.  Why do machines even pay attention to ARP replies
> that they did not solicit?  Why isn't ARP just implemented so that when
> a request is sent out, then any matching replies are processed and
> nothing more?  What am I missing here?

I "researched" this one time too. What I found was that Linux and Cisco
devices were not vulnerable to ARP spoofing because they did just as you
outline. I looked through some of the ARP code in Linux and that
appeared to indeed be the case, although I can't say I know that for
sure. Windows was easily spoofed however.

Corey





More information about the PLUG mailing list