ARP-spoofing defense

Nicholas Leippe nick at leippe.com
Wed Mar 14 13:53:10 MDT 2007


On Wednesday 14 March 2007 11:09, Michael L Torrie wrote:
> On Wed, 2007-03-14 at 10:07 -0700, Nicholas Leippe wrote:
> > This is an optimization.  Your host does this with the idea that if you
> > do decide to talk to one of these machines from which it has already seen
> > ARP traffic, it can skip that step.
> >
> > As for man-in-the middle, playing with ARP can cause disruption of
> > services, and could intercept insecure protocols.  Which is why for
> > critical data, ssl or other secure mechanism should be used.
>
> Additionally this is why SSL uses certificates that should be verified
> to prove that the host is who it says it is. Also ssh key fingerprints
> should always be verified.  How often do we ssh into a box and just
> automatically type "yes" to the fingerprint authorization?

I've always wondered about that. I search the man pages, and looked at the 
host key/files, but never figured out how to find the host's fingerprint to 
do this. I've thought about recording all of our server's fingerprints and 
publishing them somewhere/bringing them with me so I could verify them when 
I'm connecting from offsite.

Is there a simple command on the host to get the host's fingerprint?

IMO, there is a lack of good, clear documentation on secure protocols, and how 
to safely/properly use the tools that implement them.

My problem could be fixed by appending to the fingerprint authorization 
question the answer to my question above, eg "You can obtain the host's 
fingerprint by executing abc -j at the shell"...




More information about the PLUG mailing list