LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-29-2004, 10:47 AM   #1
sh1ft
Member
 
Registered: Feb 2004
Location: Ottawa, Ontario, Can
Distribution: Slackware, ubuntu
Posts: 391

Rep: Reputation: 31
Protection against arp poisening (MiM)


I'm currently living in a residence with a very large amount of people on the residence intranet, many of which I have reason to suspect are sniffing traffic and doing various man in the middle attacks. Now I have no real problem with this (it is a school after all, we are here for learning+exploration), but I want to know how to protect against it.

In particular I'm interested in protected my box against arp poisening like that employed by programs like ettercap.
 
Old 09-29-2004, 11:28 AM   #2
AAnarchYY
Member
 
Registered: Sep 2004
Location: Carlisle, MA
Distribution: Debian 8
Posts: 419

Rep: Reputation: 30
Nothing comes to mind at the moment that can really 'protect' you against arp poisoning, but you can use tools to look for them such as arpwatch
 
Old 09-29-2004, 02:07 PM   #3
sh1ft
Member
 
Registered: Feb 2004
Location: Ottawa, Ontario, Can
Distribution: Slackware, ubuntu
Posts: 391

Original Poster
Rep: Reputation: 31
Well, I would love to use this but there's next to none documentation around for it.
 
Old 09-29-2004, 03:08 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Did you try reading the man page? arpwatch is really easy to use. You can also use the arp command to load a static set of MAC address to IP mappings when you boot up, so that your stack doesn't allow hosts to dynamically inject them over the wire.
 
Old 09-29-2004, 06:16 PM   #5
sh1ft
Member
 
Registered: Feb 2004
Location: Ottawa, Ontario, Can
Distribution: Slackware, ubuntu
Posts: 391

Original Poster
Rep: Reputation: 31
well maybe its just me but I do:


Code:
$ man arpwatch
No manual entry for arpwatch
:/
 
Old 09-29-2004, 06:28 PM   #6
hp46168
Member
 
Registered: Jun 2004
Location: Indiana
Distribution: Suse 9.0
Posts: 120

Rep: Reputation: 15
Lightbulb

Quote:
Originally posted by sh1ft
well maybe its just me but I do:


Code:
$ man arpwatch
No manual entry for arpwatch
:/
could be just you, some commands only work as root
 
Old 09-29-2004, 09:28 PM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Well man pages are generally readable by all users, so apparently the arpwatch package is not installed. Try searching on rpmnet for it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange ARP behavior : A linux server responds to all ARP requests Hdvd21 Linux - Networking 4 10-24-2013 05:02 AM
hash protection freibuis Linux - Security 1 10-15-2004 01:07 AM
Disabling ARP probes after receiving an ARP request AltecLansingMan Linux - Networking 1 03-30-2004 01:25 PM
Virus protection wmeler Linux - Security 1 02-23-2004 11:16 AM
How to create an proxyarp entry in arp table by using arp command? himalayas Linux - Networking 0 06-04-2003 04:14 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:45 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration