Re: static arp values

From: Pär Thoren (t98pth@student.bth.se)
Date: 04/22/01


Date: Sun, 22 Apr 2001 20:03:44 +0200 (MEST)
From: Pär Thoren <t98pth@student.bth.se>
To: Dag-Erling Smorgrav <des@ofug.org>


An attacker can ARP-poison my ARP cache with false information about what
MAC address the gateway has. The attacker tells the ARP cache that the
gateway IP has the MAC address of his NIC, then routes my traffic to the
"real" gateway without my knowledge. He can then monitor my traffic. A
static value of the MAC address of the gateway could prevent this.
This is, again, on a switched Ethernet LAN.

/Pär

On 22 Apr 2001, Dag-Erling Smorgrav wrote:

> Pär Thoren <t98pth@student.bth.se> writes:
> > But I can still sniff the connection between the machine with the static
> > arp value and the router. That is what I find strange.
>
> How do you expect a static ARP entry will prevent sniffing?
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
>
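
A defensive check for the gateway entry discussed in this thread, added here as an example and not part of the original messages: it parses FreeBSD-style `arp -an` output and flags a gateway entry that has the wrong MAC, is not permanent, or shares its MAC with another IP. The addresses, the sample table and the function names are constructed for illustration, and the check covers only this host's own cache.

```python
import re

# Constructed sample in the style of FreeBSD `arp -an` output (not from a real host).
SAMPLE = """\
? (192.0.2.1) at 0:a0:c9:12:34:56 on fxp0 expires in 1187 seconds [ethernet]
? (192.0.2.23) at 00:a0:c9:12:34:56 on fxp0 expires in 640 seconds [ethernet]
? (192.0.2.77) at (incomplete) on fxp0 [ethernet]
"""

LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]+) on (?P<ifc>\S+)(?P<rest>.*)")

def norm_mac(mac):
    """Zero-pad and lowercase each octet so 0:a0:c9 compares equal to 00:A0:C9."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_arp(text):
    """Return resolved ARP entries; '(incomplete)' and unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            entries.append({"ip": m["ip"], "mac": norm_mac(m["mac"]),
                            "ifc": m["ifc"], "static": "permanent" in m["rest"]})
    return entries

def check_gateway(entries, gw_ip, expected_mac):
    """Return findings for the gateway entry; an empty list means nothing was flagged."""
    expected = norm_mac(expected_mac)
    gw = next((e for e in entries if e["ip"] == gw_ip), None)
    if gw is None:
        return ["no ARP entry for gateway %s" % gw_ip]
    findings = []
    if gw["mac"] != expected:
        findings.append("gateway %s maps to %s, expected %s"
                        % (gw_ip, gw["mac"], expected))
    if not gw["static"]:
        findings.append("gateway entry is dynamic, so ARP replies can overwrite it")
    twins = [e["ip"] for e in entries if e["mac"] == gw["mac"] and e["ip"] != gw_ip]
    if twins:
        findings.append("gateway MAC also claimed by " + ", ".join(twins))
    return findings

if __name__ == "__main__":
    # Expected gateway MAC is a constructed value; use the one read off the router.
    for finding in check_gateway(parse_arp(SAMPLE), "192.0.2.1", "00:D0:B7:AA:BB:CC"):
        print("WARN:", finding)
```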
