I'm doing a little research project that uses ARP-spoofing to perform an attack. It's kind of unnerving to see how easy it is to perform a man-in-the-middle attack with ARP-spoofing, and mess with somebody's network traffic.
My first question is, does anybody here actively do anything to protect their machines against ARP-spoofing? Do you set static entries in your ARP tables, or run any services to watch for unusual ARP activity? Have you made any adjustments to your router settings in this regard? Also, in my mind, the solution to this problem seems too easy. I must be missing something. Why do machines even pay attention to ARP replies that they did not solicit? Why isn't ARP just implemented so that when a request is sent out, then any matching replies are processed and nothing more? What am I missing here? -- Topher Fischer GnuPG Fingerprint: 3597 1B8D C7A5 C5AF 2E19 EFF5 2FC3 BE99 D123 6674 [EMAIL PROTECTED]
signature.asc
Description: OpenPGP digital signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
