ARP Spoofing

Status
Not open for further replies.

enjoy

Journeyman
A person in my network is using ethereal/ettercap and mounts ARP spoofing attacks, so all my POP account passwords get known to him. How do I protect my privacy from these attacks? I am using WinXP Pro SP2, Pc-cillin 2005 Antivirus and Personal Firewall.

Is there any tool which can alert me when such attacks are mounted, or protect me from them?
 

GNUrag

FooBar Guy
If the person has access to your network's gateway then there's a lot he can do by just analysing the tcpdump. He has not compromised your computer but the gateway instead... so you can't do much unless you have access to gateway.

The only good option you have is to use POPs (Secure POP) for fetching email.
 

enjoy

Journeyman
No, he doesn't have access to the gateway... And what is Secure POP?

Do MyRealBox.com and SpyMac.com support it?
 

GNUrag

FooBar Guy
Secure POP works over TLS and/or SSL links. Secure POP daemons generally listen on the standard port 995.

MyRealBox/SpyMac don't support POPs... But Gmail's POP3 daemon works only over a secure connection.
 

siriusb

Cyborg Agent
One sure way to stop it will be to complain about this to the admin of your network. First of all he will ban the perpetrator, and second he might install security tools against such attacks.
 

enjoy

Journeyman
I don't want network admins to interrupt this process... It's a healthy competition and I simply want to secure myself.

So I was looking for a utility which doesn't allow my gateway address to be changed... and if it gets changed, it should halt all traffic or send unlimited junk traffic to that spoofer.
 

digen

Youngling
Dude, the network administrator has got to be informed about such happenings. And oh, healthy competition?
Dude, not only is your company/personal data at risk, others may be victims of such an attack too.

I second GNU's answer: using email through SSL or tunneling traffic through a secure channel. But all this would need the help of your network administrator.
And may I know how you found out that the ARP attack was taking place?
For all you know, he may have full control over routes and the default gateway.
 

vswizard

Broken In
Detect ARP Address Spoofing

The ARP spoofing attack is highly effective because it takes advantage of an inherent weakness in the design of a core network protocol.

The best approach is to monitor the ARP/IP pair combinations for machines on a given LAN. Some software can be configured to notify network or security administrators if any suspicious changes occur on the network, such as a broadcast ARP packet advertising a new MAC address for the LAN's gateway.

I have the original Ethernet address of the gateway to my LAN. And if I suspect any suspicious activity, all I have to do is verify the MAC address using "arp -a".
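
One way to automate the check described in the post above (record the gateway's MAC once, then compare it against "arp -a"), as an added example that is not part of the original thread. The gateway IP, the MAC addresses and both sample tables are constructed, and the parser assumes the Windows "arp -a" layout.

```python
import re
from collections import defaultdict

# Constructed samples in the Windows `arp -a` layout (not captured output).
GATEWAY_IP, KNOWN_MAC = "192.168.1.1", "00-11-22-33-44-55"  # assumed values
CLEAN = """Interface: 192.168.1.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.77          00-aa-bb-cc-dd-ee     dynamic
"""
POISONED = CLEAN.replace(KNOWN_MAC, "00-AA-BB-CC-DD-EE")
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                   r"([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+(\w+)", re.I | re.M)

def norm(mac):
    """Normalise a MAC to lowercase, hyphen-separated form."""
    return mac.lower().replace(":", "-")

def parse_arp_table(text):
    """Return {ip: (mac, entry_type)} parsed from `arp -a` text."""
    return {ip: (norm(mac), kind.lower())
            for ip, mac, kind in ENTRY.findall(text)}

def check_gateway(table, gateway_ip, known_mac):
    """Return a list of alert strings; an empty list means nothing suspicious."""
    alerts = []
    entry = table.get(gateway_ip)
    if entry is None:
        alerts.append(f"no ARP entry for gateway {gateway_ip}")
    elif entry[0] != norm(known_mac):
        alerts.append(f"gateway {gateway_ip} is at {entry[0]}, "
                      f"expected {norm(known_mac)}")
    # One unicast MAC answering for several IPs is a common side effect of
    # cache poisoning (it can also be proxy ARP or a multi-homed host).
    by_mac = defaultdict(list)
    for ip, (mac, _) in table.items():
        if int(mac[:2], 16) & 1 == 0:  # skip broadcast/multicast MACs
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims several IPs: {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_gateway(parse_arp_table(text), GATEWAY_IP, KNOWN_MAC))
```

For live use, pass the text printed by "arp -a" to parse_arp_table instead of the constructed samples.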
 

mediator

Technomancer
Hey, why don't you ping flood that spy and beat him at his own game! Use your evil genius! This is the ripe time, so go on!
 

enjoy

Journeyman
Re: Detect ARP Address Spoofing

vswizard said:
The ARP spoofing attack is highly effective because it takes advantage of an inherent weakness in the design of a core network protocol.

The best approach is to monitor the ARP/IP pair combinations for machines on a given LAN. Some software can be configured to notify network or security administrators if any suspicious changes occur on the network, such as a broadcast ARP packet advertising a new MAC address for the LAN's gateway.

I have the original Ethernet address of the gateway to my LAN. And if I suspect any suspicious activity, all I have to do is verify the MAC address using "arp -a".

Could you please name a software...

Thanks.
 

vswizard

Broken In
Sawan

1) Static entry was a question to everyone in the forum and not an answer... I'm just not getting time to try it out. If I do, I will update here.

2) Software... well, I'm not so sure, but there is a firewall called 8signs.

They had this on their website:

Address/Port/MAC Groups
Simplify your ruleset and tighten security by using the port, IP and MAC address groups when creating rules in 8Signs Firewall. Using groups, you can create one rule that can apply to multiple ports, IP addresses or MAC addresses.

*www.8signs.com/firewall/features.cfm
 