Re: static arp values
From: Pär Thoren (t98pth@student.bth.se)
Date: 04/22/01
- Next message: Pär Thoren: "Re: rpc.statd attack"
- Previous message: Karsten W. Rohrbach: "Re: Tripwire or the like for FreeBSD ?"
- In reply to: Dag-Erling Smorgrav: "Re: static arp values"
- Next in thread: Igor Podlesny: "Re[2]: static arp values"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 22 Apr 2001 20:03:44 +0200 (MEST) From: Pär Thoren <t98pth@student.bth.se> To: Dag-Erling Smorgrav <des@ofug.org>
a attacker can arppoisonen my arpcache with false information about what
macadress the gateway has. The attacker tells the arpcache that the
gateway ip has the macadress of his nic, then route my traffic to the
"real" gateway without my knowledge. He can then monitor my traffic. A
static value of the macadress of the gateway could prevent this.
This is, again, on a switched ethernet lan.
/Pär
On 22 Apr 2001, Dag-Erling Smorgrav wrote:
> Pär Thoren <t98pth@student.bth.se> writes:
> > But I can still sniff the connection between the machine with the static
> > arp value and the router. That is what I find strange.
>
> How do you expect a static ARP entry will prevent sniffing?
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Pär Thoren: "Re: rpc.statd attack"
- Previous message: Karsten W. Rohrbach: "Re: Tripwire or the like for FreeBSD ?"
- In reply to: Dag-Erling Smorgrav: "Re: static arp values"
- Next in thread: Igor Podlesny: "Re[2]: static arp values"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
