ARP-spoofing defense
Nicholas Leippe
nick at leippe.com
Wed Mar 14 13:53:10 MDT 2007
On Wednesday 14 March 2007 11:09, Michael L Torrie wrote:
> On Wed, 2007-03-14 at 10:07 -0700, Nicholas Leippe wrote:
> > This is an optimization. Your host does this with the idea that if you
> > do decide to talk to one of these machines from which it has already seen
> > ARP traffic, it can skip that step.
> >
> > As for man-in-the middle, playing with ARP can cause disruption of
> > services, and could intercept insecure protocols. Which is why for
> > critical data, ssl or other secure mechanism should be used.
>
> Additionally this is why SSL uses certificates that should be verified
> to prove that the host is who it says it is. Also ssh key fingerprints
> should always be verified. How often do we ssh into a box and just
> automatically type "yes" to the fingerprint authorization?
I've always wondered about that. I search the man pages, and looked at the
host key/files, but never figured out how to find the host's fingerprint to
do this. I've thought about recording all of our server's fingerprints and
publishing them somewhere/bringing them with me so I could verify them when
I'm connecting from offsite.
Is there a simple command on the host to get the host's fingerprint?
IMO, there is a lack of good, clear documentation on secure protocols, and how
to safely/properly use the tools that implement them.
My problem could be fixed by appending to the fingerprint authorization
question the answer to my question above, eg "You can obtain the host's
fingerprint by executing abc -j at the shell"...
More information about the PLUG
mailing list