Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
Ok, I return to college here in a week and a half. We have ethernet based broadband access on a switched network - what I'm wondering is, is there any way to detect when someone is attempting to sniff my traffic?
The main reason I'm so worried about it is I check my own pop3 mail and log into my web server regularly, and I don't want my password or traffic caught.
It's a private Baptist college, and I'm really the only person who has a serious security focus, but I just like to ensure nothing happens (we got a script kiddie last year who annoyed the crap out of me - he transferred though, thank goodness).
I'm running Slack 10 with 2.6.7, along with a modification to the kernel and a script that prevents port scanning (disabling sending of rst packets and a nemesis script that sends a fake packet response for other scans).
Sniffing on a switched network, while you're the only guy there with a "security focus"? Not a chance.
I suggest you check how a switch works and if you're still insecure about your data, use SSL like everybody else.
I have a pretty good idea of how a switch works - and I know how to sniff on a switched network through arp cache poisoning. It's stupid easy, and I see no reason to think that an incoming freshman who is itching to make a mark couldn't do it.
What I don't know much about is SSL.. Will it work for my needs? Here is my situation: I log into cPanel for checking stats, and I also need to be able to log into my PHP/MySQL news system. I can SSH into my server and do this through Lynx on the server, but using Lynx is a bit of a hassle for doing site updates and checking stats.
you can:
discover the MAC address of the server you need to talk with (gateway to internet or whatever) using "arping 123.123.123.123"
then lock it using "arp -s 123.123.123.123 MAC_ADDRESS"
in this way an arp poisoning attack can't do anything against you
hope this helps
Originally posted by wrongman:
you can:
discover the MAC address of the server you need to talk with (gateway to internet or whatever) using "arping 123.123.123.123"
then lock it using "arp -s 123.123.123.123 MAC_ADDRESS"
in this way an arp poisoning attack can't do anything against you
hope this helps
MAC addresses can be spoofed as easily as IP addresses, so that advice isn't worth much IMO.
The topic asks how to prevent an "arp cache poisoning attack"; in this way you can't do such an attack. Spoofing the MAC is another thing, but anyway you'll have a network with two identical MAC addresses. With arp poisoning you say to the machines "that IP is of this MAC", so the victim will send you the packets... with a spoofed MAC you'd also do a DoS to the real MAC machine.
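The thread's opening question is how to notice ARP cache poisoning on a switched network. As an added example (not written by any poster in this thread), the Python script below compares a trusted ARP snapshot with the current table and reports the two changes poisoning typically leaves behind: a known IP whose MAC changed, and one MAC answering for several IPs. It assumes the Linux /proc/net/arp text layout; the function names, addresses and MACs are constructed for illustration.

```python
"""Flag ARP-cache changes that are typical of ARP cache poisoning."""
from collections import defaultdict

ATF_COM, ATF_PERM = 0x02, 0x04  # Linux ARP flags: entry complete / static (arp -s)

def parse_arp_table(text):
    """Parse /proc/net/arp-style text into {ip: (mac, is_static)}."""
    entries = {}
    for line in text.strip().splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & ATF_COM:                          # ignore incomplete entries
            entries[ip] = (mac, bool(flags & ATF_PERM))
    return entries

def find_anomalies(baseline, current):
    """Compare a trusted baseline table with the current table."""
    findings = []
    for ip, (mac, _static) in sorted(current.items()):
        if ip in baseline and baseline[ip][0] != mac:
            findings.append(("mac-changed", ip, baseline[ip][0], mac))
    by_mac = defaultdict(list)
    for ip, (mac, _static) in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:                             # one MAC claims several IPs
            findings.append(("mac-shared", mac, sorted(ips)))
    return findings

# Constructed sample data: documentation-range IPs and made-up MACs.
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:00:00:01     *        eth0
192.0.2.23       0x1         0x2         02:00:00:00:00:17     *        eth0
"""
POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:00:00:17     *        eth0
192.0.2.23       0x1         0x2         02:00:00:00:00:17     *        eth0
192.0.2.40       0x1         0x0         00:00:00:00:00:00     *        eth0
"""
PINNED = BASELINE.replace("0x2 ", "0x6 ", 1)  # gateway entry as left by `arp -s`

if __name__ == "__main__":
    for finding in find_anomalies(parse_arp_table(BASELINE), parse_arp_table(POISONED)):
        print(finding)
```

A "mac-shared" finding can also be legitimate (proxy ARP, or a router holding several addresses), so treat it as a prompt to investigate rather than proof. The baseline has to be captured at a time the network is trusted.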