ARP-spoofing defense

Topher Fischer javert42 at cs.byu.edu
Wed Mar 14 11:18:38 MDT 2007


Corey Edwards wrote:
> On Wed, 2007-03-14 at 10:52 -0600, Topher Fischer wrote:
>   
>> Also, in my mind, the solution to this problem seems too easy.  I must
>> be missing something.  Why do machines even pay attention to ARP replies
>> that they did not solicit?  Why isn't ARP just implemented so that when
>> a request is sent out, then any matching replies are processed and
>> nothing more?  What am I missing here?
>>     
>
> I "researched" this one time too. What I found was that Linux and Cisco
> devices were not vulnerable to ARP spoofing because they did just as you
> outline. I looked through some of the ARP code in Linux and that
> appeared to indeed be the case, although I can't say I know that for
> sure. Windows was easily spoofed however.
>
> Corey
>   
It works against my laptop, which is running 2.6.19 right now.

-- 
Topher Fischer
GnuPG Fingerprint: 3597 1B8D C7A5 C5AF 2E19  EFF5 2FC3 BE99 D123 6674
javert42 at cs.byu.edu



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20070314/d3bb65fe/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : http://plug.org/pipermail/plug/attachments/20070314/d3bb65fe/attachment-0001.bin 


More information about the PLUG mailing list