Re: Attacking our pc router at work

2006-04-05 Thread Michal Mertl
Mark Jayson Alvarez wrote:
> Hi,

>I have one question. What if I change my IP and MAC address at the
>  same time to that of our pcrouter's IP and MAC... Is this going to
>  kick out that router in our network, causing the rest of the entire
>  LAN to be out of service?? No one's gonna catch me, right?? Arpwatch
>  can only watch if an IP address has moved to another MAC address but
>  not when both IP and MAC have moved to another IP and MAC... Do you
>  know any possible solution to this??

Your question is off topic for this list.

Use intelligent switches (not hubs) and port security (you can allow only
a specific MAC address behind a switch port). You could also use static
entries on the switch for some MAC addresses (an entry on a switch is a MAC
address + the port behind which the address can be found) but that isn't as
safe. An attacker can generate traffic with lots of source MAC
addresses. Every switch has limited memory to store the MAC addresses
and usually when the table is full it starts working as a hub. A
sophisticated attacker may still be able to contaminate end stations - if
he sends a gratuitous ARP reply to a station where he pretends he is the
router (changes the MAC address), he will receive the traffic for the
router and can also then make man-in-the-middle attacks (insert himself
into the forwarding chain of the station).

A more sophisticated solution is using 802.1x - port-based authentication
- a switch will only start forwarding traffic to you once you
authenticate, and you of course shouldn't be able to authenticate as the
server.

On FreeBSD you can disable ARP and/or create static ARP entries and it
will protect you a little but you also need to configure some protection
on the network infrastructure.

It's quite a complex issue to protect against this type of attack and I
am no real guru so please take what I said with a grain of salt.

HTH

Michal

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


RE: Attacking our pc router at work

2006-04-05 Thread Ted Mittelstaedt


>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Mark Jayson
>Alvarez
>Sent: Wednesday, April 05, 2006 2:04 AM
>To: freebsd-questions@freebsd.org
>Subject: Attacking our pc router at work
>
>
>Hi,
> 
> I have one question. What if I change my IP and MAC address at 
>the same time to that of our pcrouter's IP and MAC... Is this 
>going to kick out that router in our network, causing the rest 
>of the entire LAN to be out of service??

Yes.

>No one's gonna catch 
>me, right??

That depends.

>Arpwatch can only watch if an IP address has moved 
>to another MAC address but not when both IP and MAC have moved 
>to another IP and MAC... Do you know any possible solution to this??
>

Yes, buy good managed switches and install mac-level filters.  People
that run dumb hubs or unmanaged switches in a large network are effin
idiots in my book.

In a small network, like 20 or fewer stations, a savvy admin who
has encountered this trick before (ie: someone who has worked
college networks, since there's always a few smart guys in the
freshman dorms who try this every year) can simply start pulling
out patch connections from the main hub or switch until the problem
goes away.

Typically corporate nets don't have these kinds of problems since
not many people want to risk getting fired.

Ted
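Both replies above (Michal's port security / static entries / MAC flooding / gratuitous ARP discussion, and Ted's "mac-level filters") can be made concrete with a small model. The following is an added example written for this archive page, not code from either poster or from FreeBSD; the router, attacker and victim addresses, the switch port numbers, and the ARP frames are all constructed for the demonstration. It builds raw Ethernet/ARP frames, runs them past an arpwatch-style host monitor (with and without a static entry for the router) and past a switch CAM table with a static MAC-to-port binding, a per-port MAC limit and a finite table size, and shows which defence catches which move.

```python
"""Added example (not from the thread): an IP+MAC clone of the router versus
the two defences discussed, arpwatch-style host monitoring and switch port
security.  All addresses, ports and frames below are constructed."""
import struct
from collections import defaultdict

ROUTER_IP, ROUTER_MAC = "10.0.0.1", "00:0c:29:aa:bb:01"     # assumed pcrouter
ATTACKER_MAC, VICTIM_IP = "00:16:17:de:ad:01", "10.0.0.50"  # assumed hosts

def mac_bytes(s): return bytes(int(x, 16) for x in s.split(":"))
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(src_mac, sender_ip, sender_mac, target_ip, op=2):
    """Broadcast Ethernet II frame carrying an ARP packet (op 1 request, 2 reply)."""
    eth = mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(src_mac) + b"\x08\x06"
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + bytes(6) + ip_bytes(target_ip))
    return eth + arp

def parse_arp(frame):
    """Return (src_mac, sender_ip, sender_mac, op) for an IPv4-over-Ethernet ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac_str(frame[6:12]), ip_str(frame[28:32]), mac_str(frame[22:28]), op

class ArpWatch:
    """Host-side view: alert when an IP's MAC changes; static entries are never overwritten."""
    def __init__(self, static=None):
        self.static = dict(static or {})
        self.table, self.alerts = {}, []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return
        _, ip, mac, _ = parsed
        old = self.static.get(ip) or self.table.get(ip)
        if old is not None and old != mac:
            if ip in self.static:           # static ARP entry: log and keep the pinned MAC
                self.alerts.append(f"rejected (static entry) {ip} {old} -> {mac}")
                return
            self.alerts.append(f"changed ethernet address {ip} {old} -> {mac}")
        self.table[ip] = mac

class PortSecuritySwitch:
    """CAM table with static MAC->port bindings, a per-port MAC limit and finite capacity."""
    def __init__(self, static, max_macs, cam_capacity):
        self.static, self.max_macs, self.cam_capacity = dict(static), max_macs, cam_capacity
        self.learned = defaultdict(set)     # port -> MACs learned on it
        self.violations, self.hub_mode = [], False

    def ingress(self, port, frame):
        """Return True if the frame is forwarded, False if port security drops it."""
        src = mac_str(frame[6:12])
        pinned = self.static.get(src)
        if pinned is not None and pinned != port:   # the clone: router's MAC on the wrong port
            self.violations.append((port, src, "static MAC seen on wrong port"))
            return False
        if src in self.learned[port]:
            return True
        if self.max_macs is not None and len(self.learned[port]) >= self.max_macs:
            self.violations.append((port, src, "port MAC limit exceeded"))
            return False
        if sum(len(m) for m in self.learned.values()) >= self.cam_capacity:
            self.hub_mode = True            # table full: unknown sources now flood every port
        else:
            self.learned[port].add(src)
        return True

def scenario(pin_router_on_host):
    """Replay the router's own ARP, the attacker's byte-identical clone and a gratuitous
    ARP poisoning reply past a host monitor and a switch (router on port 1, attacker on 7)."""
    real = build_arp(ROUTER_MAC, ROUTER_IP, ROUTER_MAC, ROUTER_IP)
    clone = build_arp(ROUTER_MAC, ROUTER_IP, ROUTER_MAC, ROUTER_IP)    # what the OP proposes
    poison = build_arp(ATTACKER_MAC, ROUTER_IP, ATTACKER_MAC, VICTIM_IP)
    host = ArpWatch(static={ROUTER_IP: ROUTER_MAC} if pin_router_on_host else None)
    for f in (real, clone, poison):
        host.observe(f)
    sw = PortSecuritySwitch(static={ROUTER_MAC: 1}, max_macs=2, cam_capacity=8)
    forwarded = {"real": sw.ingress(1, real), "clone": sw.ingress(7, clone),
                 "poison": sw.ingress(7, poison)}
    return {"host_alerts": host.alerts, "host_router_mac": host.table[ROUTER_IP],
            "forwarded": forwarded, "switch_violations": sw.violations}

def flood(port_security):
    """MAC flooding from port 7: 20 distinct source MACs against an 8-entry table."""
    sw = PortSecuritySwitch(static={}, max_macs=2 if port_security else None, cam_capacity=8)
    for i in range(20):
        mac = f"02:00:00:00:00:{i:02x}"
        sw.ingress(7, build_arp(mac, f"10.0.0.{100 + i}", mac, ROUTER_IP, op=1))
    return sw.hub_mode, len(sw.violations)
```

Running `scenario(False)` shows the split the thread describes: the host monitor says nothing about the byte-identical clone (the IP/MAC pairing never changed) but does alert on the gratuitous-ARP poisoning, while the switch drops the clone because the router's MAC is pinned to port 1 and yet forwards the poisoning reply, which is an ordinary frame from the attacker's own MAC. `scenario(True)` is the static-ARP-entry case from Michal's last paragraph: the poisoning reply is logged and the router's real MAC stays in the table. `flood(False)` fills the 8-entry table and tips the switch into hub mode; `flood(True)` stops the flood at the second MAC on the port.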


Attacking our pc router at work

2006-04-05 Thread Mark Jayson Alvarez
Hi,
 
 I have one question. What if I change my IP and MAC address at the same time 
to that of our pcrouter's IP and MAC... Is this going to kick out that router 
in our network, causing the rest of the entire LAN to be out of service?? No 
one's gonna catch me, right?? Arpwatch can only watch if an IP address has 
moved to another MAC address but not when both IP and MAC have moved to another 
IP and MAC... Do you know any possible solution to this??
 
 Thanks..
 
