ARP-spoofing defense

Corey Edwards tensai at zmonkey.org
Wed Mar 14 11:15:47 MDT 2007


On Wed, 2007-03-14 at 11:09 -0600, Michael L Torrie wrote:
> On Wed, 2007-03-14 at 10:07 -0700, Nicholas Leippe wrote:
> > As for man-in-the-middle, playing with ARP can cause disruption of services,
> > and could intercept insecure protocols.  Which is why for critical data, ssl 
> > or other secure mechanism should be used.
> 
> Additionally this is why SSL uses certificates that should be verified
> to prove that the host is who it says it is. Also ssh key fingerprints
> should always be verified.  How often do we ssh into a box and just
> automatically type "yes" to the fingerprint authorization?

That's true, but how practical is it to verify an SSH fingerprint? All
you have to do is log in and check the host key. Oh, wait... With SSL
certs, at least you have a CA infrastructure for verification (which often
doesn't get used). Around here it's enough if I can get people to use
SSH instead of telnet. Asking them to verify against a list of SSH
fingerprints would go over like a lead balloon.

Corey
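The "list of SSH fingerprints" check Corey mentions, as an added example that is not code from the thread or from any of its participants. It computes a host key's fingerprint the way `ssh-keygen -l` prints it (SHA256, base64 without padding, plus the older MD5 colon form for display) and compares it with a fingerprint pinned out of band. The host name `gw.example.net`, the key bytes, and the function names are constructed for the demo; the key bytes are not a real or even a valid Ed25519 point, which does not matter because only the encoded blob is hashed. The second, different key stands in for what an ARP-spoofing man-in-the-middle would present in place of the genuine host.

```python
"""Verify an SSH host key against a pinned fingerprint list.

Added example, not code from the PLUG thread. Fingerprints match what
`ssh-keygen -l` prints: SHA256 over the raw key blob, base64 without
padding (the OpenSSH default since 6.8), or MD5 as colon-separated hex.
The sample keys and the host name below are constructed, not real.
"""
import base64
import hashlib
import hmac
import struct

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(b)) + b


def parse_public_key_line(line: str) -> tuple[str, bytes]:
    """Parse a key in authorized_keys / known_hosts / ssh-keyscan format.

    Returns (key type, raw blob). A leading host field, as printed by
    `ssh-keyscan host`, is skipped. The blob's first wire string repeats
    the key type; the line is rejected if the two disagree.
    """
    fields = line.split()
    for i, field in enumerate(fields):
        if field.startswith(KEY_TYPE_PREFIXES) and i + 1 < len(fields):
            blob = base64.b64decode(fields[i + 1], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type in text does not match encoded blob")
            return field, blob
    raise ValueError("no OpenSSH public key found on line")


def fingerprint_sha256(blob: bytes) -> str:
    """SHA256 fingerprint as shown by `ssh-keygen -l -E sha256`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy MD5 fingerprint as shown by `ssh-keygen -l -E md5` (display only)."""
    digest = hashlib.md5(blob, usedforsecurity=False).digest()
    return "MD5:" + ":".join(f"{b:02x}" for b in digest)


def verify_host_key(line: str, pinned: dict[str, str]) -> bool:
    """True only if the key's SHA256 fingerprint equals the pinned one for its type.

    `pinned` maps key type -> expected SHA256 fingerprint, distributed out
    of band (a printed list, configuration management, and so on). A host
    presenting a key type that was never pinned is rejected too, so a
    man-in-the-middle cannot sidestep the check by offering another algorithm.
    """
    ktype, blob = parse_public_key_line(line)
    expected = pinned.get(ktype)
    if expected is None:
        return False
    return hmac.compare_digest(fingerprint_sha256(blob), expected)


def ed25519_key_line(raw_public: bytes, prefix: str = "") -> str:
    """Build an OpenSSH-format ssh-ed25519 line from 32 raw public-key bytes."""
    if len(raw_public) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_public)
    return f"{prefix}ssh-ed25519 {base64.b64encode(blob).decode()} example"


# Constructed sample keys (hypothetical host, made-up bytes): the genuine
# host key, and a different key an ARP-spoofing impostor would present.
GENUINE_LINE = ed25519_key_line(bytes(range(32)), prefix="gw.example.net ")
IMPOSTOR_LINE = ed25519_key_line(bytes(range(1, 33)), prefix="gw.example.net ")

# The out-of-band fingerprint list; here pinned from the genuine key.
PINNED = {"ssh-ed25519": fingerprint_sha256(parse_public_key_line(GENUINE_LINE)[1])}

if __name__ == "__main__":
    for label, line in (("genuine", GENUINE_LINE), ("impostor", IMPOSTOR_LINE)):
        _, blob = parse_public_key_line(line)
        print(f"{label:8} {fingerprint_sha256(blob)}  {fingerprint_md5(blob)}")
        print(f"{label:8} verified: {verify_host_key(line, PINNED)}")
```

In practice the `PINNED` table would be filled from a list collected on the console or over an already-trusted channel, never from the first connection, since that first connection is exactly the one an ARP spoofer on the local segment gets to answer.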
