ARP Poisoning

Protecting your Linux box
securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Postby securitykid » Mon Dec 15, 2008 2:54 pm

Osama,

at the client end just a VPN Connection to the setup linux box(one time job):

see this for details

http://compnetworking.about.com/od/wind ... onnect.htm

Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Mon Dec 15, 2008 11:28 pm

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Postby securitykid » Tue Dec 16, 2008 10:21 am

SecurityKID-ITdotCOM

Security Every Where! BUT where? :)

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Tue Dec 16, 2008 5:02 pm

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Postby securitykid » Wed Dec 17, 2008 10:38 am

SecurityKID-ITdotCOM

Security Every Where! BUT where? :)

osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Postby osama » Wed Dec 17, 2008 5:45 pm

ARP attack is sometimes a simply Denial of service(DoS) attack.

A buddy can use ARP attack to accomplish Man in the middle attack. If its the case then he can get your passwords u enter in browser (under http) or chatting softwares or any other usefull information u send on network.

securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Postby securitykid » Wed Dec 17, 2008 6:24 pm

Correct!

Having said that, if you ask me I can even get the password and/or content even over HTTPS, POPS, IMAPS, etc..... ;)

Finger Crossed ;)

Thanks
SecurityKID-ITdotCOM

Security Every Where! BUT where? :)

osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Postby osama » Wed Dec 17, 2008 6:35 pm

Well, If u r working on a network then u must be having an ip and mac. Arp poisoning and ARP attack will simply disrupt communication in any case unless someone use layer 2 switches. If using PPPoe or VPN no one can use Man in the middle attack and get sencitive information as information is encrypted and have a password but Arp poisoning (in the form of DoS) will continue so some fluctuation will be there. So simply static entries of MAC addresses at server and client is the solution.
I have not used PPPoE yet so i m not sure about it but I think network will not work if MAC address becomes encrypted. so attack will be always there but can be minimized with PPPoE and VPN or some other encryption.

securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Postby securitykid » Wed Dec 17, 2008 6:38 pm

and that's all what you can get FREE isn't it ;)
SecurityKID-ITdotCOM

Security Every Where! BUT where? :)

osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Postby osama » Wed Dec 17, 2008 6:39 pm

I know any information can be decrypted.

can u teach me :P

securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Postby securitykid » Wed Dec 17, 2008 7:22 pm

decrypted yes if you super computer :D, you can get it actually before it gets encrypted, I don't know much still a security kid :D

Thanks
SecurityKID-ITdotCOM

Security Every Where! BUT where? :)

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Wed Dec 17, 2008 7:51 pm

You both are correct, with ARP attack one can get information going over a network. Which i use to do about 5 years back :D .

However as i said earlier the type of ARP attack faced by some cable net operators was a bit different, it was not someone intending to do a MiM attack, a bogus MAC or many bogus MAC addresses were replacing server's MAC on client's ARP cache.

I started this threat to over come this issue, which i later came to know can be minimized by using PPPoE or VPN. I still use simple DHCP based network with no VPN or PPPoE, and still my network is not in any way affected with ARP attack. What i did, i created a simple application in VB (Visual Basic) and installed it at all my clients PC's.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Postby x2oxen » Sat Dec 20, 2008 1:47 pm

what your application do mudassir? is that just do a static arp entry for server address or that do something else as well?
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Sat Dec 20, 2008 3:40 pm

AOA,

The application i created performs some steps to make sure client's ARP cache is proper as per the network. One of the steps is to make static ARP entry.

The software has some extra features also, however right now i only have XP compatible version of it and working with VISTA compatible version.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Postby x2oxen » Fri Dec 26, 2008 12:05 pm

Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com


Return to “Security”

Who is online

Users browsing this forum: No registered users and 2 guests