Re: arp MiTM

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Henry Sieff

Date: Monday, March 9, 2009 - 10:12 am

On Mon, Mar 9, 2009 at 9:15 AM, Eric Furman <ericfurman@fastmail.net> wrote:
quoted text> On Mon, 9 Mar 2009 16:54:27 +0100, "Felipe Alfaro Solana"
> <felipe.alfaro@gmail.com> said:
>> On Mon, Mar 9, 2009 at 1:11 PM, irix <irix@ukr.net> wrote:
>>
>> > Hello Misc,
>> >
>> >  How to protect your server from such attacks without the use of static
arp
quoted text>> > entries?
>> >  By freebsd 5.0 patch was written arp_antidote (
>> > http://freecap.ru/if_ether.c.patch),
>> >  somebody could port it on openbsd?
>> >
>> > Also, in freebsd it is possible to specify a flag through the ifconfig
>> > on the interface "staticarp", while "If the Address Resolution Protocol
is
quoted text>> > enabled,
>> > the host will only reply to requests for its addresses, and will never
send
quoted text>> > anyrequests."
>> > May you made this flag in openbsd ?
>>
>>
>> ARP is insecure, no matter how many patches you apply or how many hacks
>> you
>> try. If you want something more secure, use 802.1X, use security on the
>> switch, use IPv6+IPSec/SeND, etc.
>
> ARP was designed by Nazis.
> So, die now thread. DIE DIE

<delurk>
I believe that this qualifies as 'Quirk's exception'.
<lurk>

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

arp MiTM, irix, (Mon Mar 9, 5:11 am)

Re: arp MiTM, Paul de Weerd, (Mon Mar 9, 6:02 am)

Re: arp MiTM, Felipe Alfaro Solana, (Mon Mar 9, 8:54 am)

Re: arp MiTM, Eric Furman, (Mon Mar 9, 9:15 am)

Re: arp MiTM, Henry Sieff, (Mon Mar 9, 10:12 am)

Re: arp MiTM, irix, (Mon Mar 9, 10:19 am)

Re: arp MiTM , Theo de Raadt, (Mon Mar 9, 10:43 am)

Navigation

Popular discussions


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead "CONFIG_" variables
Mark Brown	[PATCH 2/2] Subject: natsemi: Allow users to disable workaround for DspCfg reset
Tony Breeds	[LGUEST] Look in object dir for .config
git:
Brian Downing	Re: Git in a Nutshell guide
John Benes	Re: master has some toys
Matthias Lederhofer	[PATCH 4/7] introduce GIT_WORK_TREE to specify the work tree
Alexander Sulfrian	[RFC/PATCH] RE: git calls SSH_ASKPASS even if DISPLAY is not set
Junio C Hamano	Re: Rss produced by git is not valid xml?
git-commits-head:
Linux Kernel Mailing List	iSeries: fix section mismatch in iseries_veth
Linux Kernel Mailing List	ixbge: remove TX lock and redo TX accounting.
Linux Kernel Mailing List	ixgbe: fix several counter register errata
Linux Kernel Mailing List	b43: fix build with CONFIG_SSB_PCIHOST=n
Linux Kernel Mailing List	9p: block-based virtio client
linux-netdev:
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
Michael Breuer	Re: [PATCH] af_packet: Don't use skb after dev_queue_xmit()
David Daney	[PATCH 5/7] Staging: Octeon Ethernet: Convert to NAPI.
Wolfgang Grandegger	[PATCH net-next v4 1/3] can: mscan: fix improper return if dlc < 8 in start_xmi...
Amit Kumar Salecha	[PATCHv3 NEXT 2/2] NET: Add Qlogic ethernet driver for CNA devices
openbsd-misc:
Theo de Raadt	Re: Old IPSEC bug
Tomáš Bodžár	Problem with vpnc connection - check group password !
Insan Praja SW	Mandoc Compiling Error
Carl Roberso	Re: Cannot change MTU of carp interface?
Richard Daemon	Re: booting openbsd on eee without cd-rom

Colocation donated by:

Syndicate