ARP Poisoning
-
- Naik
- Posts: 70
- Joined: Sat Oct 20, 2007 5:18 am
AOA,
Dear Friends,
I read a lot about VPN and PPPoE when I was facing this issue. I came to know that even VPN can be affected by this, as it is IP based. PPPoE has less chance of being affected, as it is MAC address based.
If you use IPSEC or L2TP in VPN then you have less chance of being affected.
The only drawback that PPPoE has for Cable Net Operators is the Dialer. For a normal client, creating a PPPoE Dialer is a bit difficult; for that I created a simple software in VB that creates a PPPoE Dialer for the client, but right now it's only working in XP.
I started this post when I faced some serious issues regarding ARP Poisoning. As the issue is client side, I figured out that I cannot set up a server side solution until I switch to some other authentication method like PPPoE or VPN. Then I created an application in VB that works at client side and resolves the issue 100%.
Now I have heard that some local ISPs are facing issues regarding DNS Injecting and a bogus DHCP. This can also be resolved, as I have recently given a complete solution to a friend of mine in Lahore.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
-
- Naik
- Posts: 70
- Joined: Sat Oct 20, 2007 5:18 am
AOA,
I implemented VPN (PPTP) some time back on Linux, but I faced the same problem regarding ARP; however, it was much less than normal.
Let me clarify something: the type of ARP attack that was faced by the cable net operators is not a MiM (Man in the Middle) attack.
The attack was very different. The MAC address of the server in the client's ARP cache was changing rapidly from one MAC to another.
Regarding manageable switches, it's a bit expensive for a network that has about 100 to 1000 switches.
I am not saying that VPN is not a good solution; it is one of the solutions for such kinds of attacks, provided that the VPN is configured properly to use encryption. For Windows clients, MPPE (Microsoft Point-to-Point Encryption) is used.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
-
- Naik
- Posts: 70
- Joined: Sat Oct 20, 2007 5:18 am
Well, if you are working on a network then you must have an IP and MAC. ARP poisoning and ARP attacks will simply disrupt communication in any case unless someone uses layer 2 switches. If using PPPoE or VPN, no one can use a man-in-the-middle attack and get sensitive information, as the information is encrypted and has a password, but ARP poisoning (in the form of DoS) will continue, so some fluctuation will be there. So simply static entries of MAC addresses at server and client are the solution.
I have not used PPPoE yet so I'm not sure about it, but I think the network will not work if the MAC address becomes encrypted. So the attack will always be there but can be minimized with PPPoE and VPN or some other encryption.
-
- Naik
- Posts: 70
- Joined: Sat Oct 20, 2007 5:18 am
You both are correct, with an ARP attack one can get information going over a network, which I used to do about 5 years back.
However, as I said earlier, the type of ARP attack faced by some cable net operators was a bit different. It was not someone intending to do a MiM attack; a bogus MAC or many bogus MAC addresses were replacing the server's MAC in the client's ARP cache.
I started this thread to overcome this issue, which I later came to know can be minimized by using PPPoE or VPN. I still use a simple DHCP-based network with no VPN or PPPoE, and still my network is not in any way affected by ARP attacks. What I did: I created a simple application in VB (Visual Basic) and installed it on all my clients' PCs.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
AOA,
The application I created performs some steps to make sure the client's ARP cache is proper as per the network. One of the steps is to make a static ARP entry.
The software has some extra features also; however, right now I only have an XP-compatible version of it and am working on a Vista-compatible version.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
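
Added example, not the poster's VB application (its code is not shown in this thread): a client-side check of the kind described above, which reads successive `arp -a` snapshots, reports when the server's MAC keeps changing, and gives the static-entry command that pins it. It assumes the Windows `arp -a` column layout; the addresses, MACs and function names are constructed for illustration.

```python
import re

# One data row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(\w+)\s*$")

def parse_arp(output):
    """Return {ip: (mac, entry_type)} for one `arp -a` snapshot."""
    table = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return table

def audit_server_entry(snapshots, server_ip, known_mac):
    """Compare the server's ARP entry across snapshots with its known MAC."""
    known = known_mac.lower()
    entries = [parse_arp(s).get(server_ip) for s in snapshots]
    seen = [e[0] for e in entries if e]            # MACs observed, in order
    changes = sum(a != b for a, b in zip(seen, seen[1:]))
    bogus = sorted(set(seen) - {known})
    # Pinned only if every snapshot holds a static entry with the known MAC.
    pinned = bool(entries) and all(e == (known, "static") for e in entries)
    return {"changes": changes, "bogus_macs": bogus, "pinned": pinned,
            # `arp -s` adds a static entry; needs administrator rights.
            "fix": None if pinned else f"arp -s {server_ip} {known}"}

def snapshot(mac, kind):
    """Build constructed `arp -a` text for the sample server address."""
    return ("Interface: 192.168.0.10 --- 0x2\n"
            "  Internet Address      Physical Address      Type\n"
            f"  192.168.0.1           {mac}     {kind}\n"
            "  192.168.0.20          02-00-00-00-00-14     dynamic\n")

# Constructed sample: the server's MAC flips between snapshots, as in the thread.
KNOWN = "02-00-00-00-00-01"
FLAPPING = [snapshot(KNOWN, "dynamic"), snapshot("02-00-00-00-00-AA", "dynamic"),
            snapshot("02-00-00-00-00-BB", "dynamic")]
PINNED = [snapshot(KNOWN, "static")] * 2

if __name__ == "__main__":
    print(audit_server_entry(FLAPPING, "192.168.0.1", KNOWN))
    print(audit_server_entry(PINNED, "192.168.0.1", KNOWN))
```

A static entry is not overwritten by ARP replies, so once the entry is pinned the check reports no changes and no fix.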