Preventing an Arp Man in the middle attack

[yousaf465]

How can we prevent an Arp Man in the middle attack

 

[mckillwashere]

Use Https

 

[ickymay]

How can we prevent an Arp Man in the middle attack

quite simply be careful what networks you surf on

In simple terms a potential hacker would need either physical access to your network, or control of a machine on your local network as only local attackers can exploit ARP's insecurities

 

[mckillwashere]

How can we prevent an Arp Man in the middle attack

quite simply be careful what networks you surf on

In simple terms a potential hacker would need either physical access to your network, or control of a machine on your local network as only local attackers can exploit ARP's insecurities

Very good point.
But there are still ways that people can tunnel into your network if you have exploited software and hijack you that way, but you have a greater risk of your DNS being hijacked than MitMA...

 

[yousaf465]

How can we prevent an Arp Man in the middle attack

quite simply be careful what networks you surf on

In simple terms a potential hacker would need either physical access to your network, or control of a machine on your local network as only local attackers can exploit ARP's insecurities

What if the attacker has legal right to be on the network ?

 

[ickymay]

How can we prevent an Arp Man in the middle attack

quite simply be careful what networks you surf on

In simple terms a potential hacker would need either physical access to your network, or control of a machine on your local network as only local attackers can exploit ARP's insecurities

What if the attacker has legal right to be on the network ?

then if you where in control of the network you could use something like ArpON or you could use DHCP snooping which essentially validates from a whitelist, some switch vendors like Cisco have Dynamic ARP Inspection.

so if ARP spooofing is likely then network admins can impliment monitor and control by various methods

personally I never use networks for sensitive logons where I consider ARP spoofing as possible or likely

 

[yousaf465]

How do I set this up on a network connected in this way. It's a home network so i don't have any cisco switches.

router/modem------swtich----All pc's

 

[mckillwashere]

Do you have any spare computers sitting around with two network cards available?

 

[yousaf465]

Well yes, I have got one such machine, but it's has got no HD.

 

[mckillwashere]

Does it have a floppy drive?

 

[yousaf465]

I can manage with a USB drive instead. Can I use this solution on a custom firmware wifi router ?

 

[mckillwashere]

I was going to suggest setting up a pf sense box and installing a proxy service.

 

[yousaf465]

I was going to suggest setting up a pf sense box and installing a proxy service.

Well pf-sense's how-to on Live USB is not clear at all. Though I found a tutorial Install and Configure pfSense in Your Home Network | iceflatline

 

[mckillwashere]

Pf sense is actually very simple to install.
You burn a live disk,
and it gives you the option to install.

 

[yousaf465]

Pf sense is actually very simple to install.
You burn a live disk,
and it gives you the option to install.

I mostly/only use USB for livedisc. Only my Ubuntu is on cd, everything else, Linuxmint or Fedora etc are on USB.


Can I run it on my current pc for testing ?

 

[mckillwashere]

Yes they do have a vm. I was saying that you can burn the disk and install it to the flash drive from the live disk.

 

[yousaf465]

You can just create a LiveUSb as we do with Fedora How to create and use Live USB - FedoraProject

with this tool http://en.wikipedia.org/wiki/Fedora_Live_USB_creator

 

[mckillwashere]

Yes, just several extra steps...

 

[yousaf465]

I think I found a solution to many of my problems PacketProtector - Wikipedia, the free encyclopedia

1.Opendns for parental control
2. DansGuardian
3. ClamAV
4.Snort
5.Will run on Asus n16( hopefully)

 

[mckillwashere]

Snort is a plugin for pf sense