ARP-spoofing defense

Topher Fischer javert42 at cs.byu.edu
Wed Mar 14 14:12:55 MDT 2007


Michael L Torrie wrote:
> On Wed, 2007-03-14 at 10:07 -0700, Nicholas Leippe wrote:
>   
>> This is an optimization.  Your host does this with the idea that if you do 
>> decide to talk to one of these machines from which it has already seen ARP 
>> traffic, it can skip that step.
>>
>> As for man-in-the-middle, playing with ARP can cause disruption of services, 
>> and could intercept insecure protocols.  Which is why for critical data, SSL 
>> or another secure mechanism should be used.
>>     
>
> Additionally, this is why SSL uses certificates that should be verified
> to prove that the host is who it says it is. Also, ssh key fingerprints
> should always be verified.  How often do we ssh into a box and just
> automatically type "yes" to the fingerprint authorization?
>
> Michael
>   
Well, this makes me wonder.  Is there a standard way to configure ssh to
use certificates, and for clients to maintain a list of trusted CAs and
trusted certificates?

-- 
Topher Fischer
GnuPG Fingerprint: 3597 1B8D C7A5 C5AF 2E19  EFF5 2FC3 BE99 D123 6674
javert42 at cs.byu.edu
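The ARP-based man-in-the-middle that Nicholas and Michael describe leaves a trace on the wire: the victim's IP suddenly answers with a different MAC, and one MAC ends up answering for both the gateway and a host. The script below is an added example (not from the thread or any list member) that runs that detection logic over a constructed, simplified tcpdump-like ARP log; the addresses and the `gateways` parameter are assumptions for the sample.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified tcpdump-like form (not a real capture);
# 192.168.1.1 plays the gateway and 192.168.1.20 a workstation.
SAMPLE_ARP_LOG = """\
10:01:02.100 arp who-has 192.168.1.1 tell 192.168.1.20
10:01:02.101 arp reply 192.168.1.1 is-at 00:11:22:33:44:55
10:01:05.300 arp reply 192.168.1.30 is-at 00:11:22:33:44:66
10:01:09.500 arp reply 192.168.1.1 is-at de:ad:be:ef:00:01
10:01:09.600 arp reply 192.168.1.20 is-at de:ad:be:ef:00:01
"""

# Only replies carry an IP-to-MAC binding; who-has requests are ignored.
REPLY_RE = re.compile(
    r"arp reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})",
    re.IGNORECASE,
)


def detect_arp_spoofing(log_text, gateways=frozenset()):
    """Scan ARP replies and return (binding_changes, suspect_macs).

    binding_changes: list of (ip, old_mac, new_mac) whenever an IP's MAC changes.
    suspect_macs: {mac: sorted ips} for any MAC that answered for a gateway
                  *and* for another host, the two-sided interception pattern.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    changes = []
    for line in log_text.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            changes.append((ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    suspect = {mac: sorted(ips) for mac, ips in mac_to_ips.items()
               if ips & gateways and ips - gateways}
    return changes, suspect


if __name__ == "__main__":
    changes, suspect = detect_arp_spoofing(SAMPLE_ARP_LOG, {"192.168.1.1"})
    for ip, old, new in changes:
        print(f"ALERT: {ip} moved from {old} to {new}")
    for mac, ips in suspect.items():
        print(f"ALERT: {mac} answers for gateway and host(s): {', '.join(ips)}")
```

A binding change alone can be a legitimate NIC swap or DHCP churn, so the gateway-plus-host pattern is the stronger signal; static ARP entries for the gateway on sensitive hosts remove the attack surface entirely.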



