OK, I recently became the 'victim' of an ARP poisoning attack (read my thread 'Evil Joke' in general chat for what happened!). I'm looking for a way to prevent this from happening again. It's my understanding that ARP is used to get a MAC address for another computer so data can be exchanged. So, if I gave every computer in my network a static IP, then the ARP table values (IP = MAC) for any computer in my network will not need to change! How would I fix the ARP table (prevent the values from changing for the machines with static IPs)? I need a method for Linux and Windows. The slight problem is that I'm not allowed to modify our router (Linksys WAG54G), so it would still be vulnerable (but other machines would be able to 'repair' it by correctly reporting themselves). I have tried to keep my terminology correct, but I'm kinda new to ARP tables, as before today I had no reason to be interested in them! Any help would be great! PS: I have done some research of my own, but I have only found methods for detecting it!
Read the thread in general chat for full details! He's a friend... and I had invited him over, and he brought his laptop. 'Victim' isn't quite the right word, as it was quite funny! I just want to stop him doing it again; we are currently "one-upping each other" as to who can get the other onto certain sites (or display their content on the other's computer). If I can stop this, he has to find a new method. I was planning to use a proxy which always passed on meatspin whatever was requested (set up locally).
How do you prevent APR (ARP Poisoning / Redirection) attacks? Keep him off of your layer 2 switches. Ethernet-layer broadcast traffic is extremely easy to spoof/poison. Physical network security is still network security.
I am looking for a method to prevent the 'attack' from succeeding, as I intend to challenge him to do it again! (Although not letting him onto the network would prevent the attack, it's not really fair if it's a challenge!) I know that SunOS is not vulnerable to this sort of attack; I was told something along the lines that it does not update its ARP cache. I am looking to do much the same thing with Windows and Linux machines. This is definitely the fun way to learn security; last night it was Metasploit (got a remote console on my windoze machine). To catch a thief, be a thief.... but wear a white hat!
I don't really see the point in disabling ARP - I'm not even sure if a network can work without it. Anyway, the commands are the same for Linux and Windows. Open up a command prompt (or a Linux terminal) and type: arp /? for Windows, arp -h for Linux. There's a switch to disable it.
I talked to some other engineers, and they basically said the same thing I did. "Why the hell is he letting the guy on his layer 2 switch?"
Start using static ARP tables. Or IPsec. Apart from that there's nothing you can do if he has access to level 2 switches.
Thanks guys, I now have static table entries :> Is there any way to do the same on my Linksys WAG54G? @AT I'm letting him on coz he's my best mate, and I challenged him to do it (get revenge for what I did to him). Just think of it like a game...
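Added example, not part of the original thread: a Python check of a Linux ARP cache (the /proc/net/arp format) against a pinned IP-to-MAC table, which also builds the commands that install the static entries on Linux and Windows. The addresses, the interface name eth0 and the function names are constructed for illustration.

```python
# Added example: audit a Linux ARP cache against a pinned IP->MAC table.
ATF_PERM = 0x04  # kernel flag bit marking a permanent (static) entry

# Constructed sample data; addresses and interface are placeholders.
PINNED = {
    "192.168.1.1": "00:11:22:33:44:55",   # router
    "192.168.1.10": "00:aa:bb:cc:dd:10",  # desktop
}
SAMPLE_PROC_NET_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:de:ad:be:ef:99     *        eth0
192.168.1.10     0x1         0x6         00:aa:bb:cc:dd:10     *        eth0
192.168.1.23     0x1         0x2         00:de:ad:be:ef:99     *        eth0
"""

def parse_arp(text):
    """Return {ip: (mac, flags, device)} from /proc/net/arp content."""
    entries = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) == 6:
            entries[f[0]] = (f[3].lower(), int(f[2], 16), f[5])
    return entries

def audit(text, pinned):
    """Return (ip, problem) tuples for pinned hosts found in the cache."""
    findings = []
    entries = parse_arp(text)
    for ip, want in pinned.items():
        if ip not in entries:
            continue  # host not in the cache yet, nothing to judge
        mac, flags, _dev = entries[ip]
        if mac != want.lower():
            findings.append((ip, "mac-mismatch"))  # cache holds a wrong MAC
        elif not flags & ATF_PERM:
            findings.append((ip, "not-static"))    # right MAC, still dynamic
    return findings

def pin_commands(pinned, dev="eth0"):
    """Build the static-entry commands for Linux (ip) and Windows (arp)."""
    linux = [f"ip neigh replace {ip} lladdr {mac} nud permanent dev {dev}"
             for ip, mac in pinned.items()]
    windows = [f"arp -s {ip} {mac.replace(':', '-')}" for ip, mac in pinned.items()]
    return linux, windows

if __name__ == "__main__":
    print(audit(SAMPLE_PROC_NET_ARP, PINNED))
    for cmd in sum(pin_commands(PINNED), []):
        print(cmd)
```

On a live Linux host, pass the contents of /proc/net/arp to audit(); the generated commands need root or Administrator rights, and static entries added this way do not survive a reboot unless they are re-applied at startup.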