Does subterfuge's ARP poisoning attack work on all networks? If not, what kind of precautions can be taken against it? Meaning, what kind of networks, if any, does it fail on? My understanding is that the only way to fight the attack is to have some sort of CA or web of trust; since wifi and ethernet networks don't have that capability, every network should be vulnerable. Am I right?
Asked
Active
Viewed 207 times
1 Answers
1
No, it isn't a silver bullet, for example:
- You are using static ARP entries. This will completely mitigate the risk of ARP spoofing.
- You are using encryption and you are using it properly. The bad guy can sniff your traffic, but he can't do anything with it.
redfast00
- 170
- 11
-
For encryption, you would need a way of verifying identity, e.g. using a web of trust like I said. – Elliot Gorokhovsky Feb 02 '16 at 23:50
-
Indeed, but static ARP is still an option if your network isn't too big – redfast00 Feb 02 '16 at 23:52
-
So basically unless you verify everybody's identity there's no way – Elliot Gorokhovsky Feb 02 '16 at 23:53
-
What about networks where you login with a username? Because then when people join you know who they are, so you could set it up so they can't later pretend to be the router. – Elliot Gorokhovsky Feb 02 '16 at 23:54
-
You only need to verify the nodes you want to 'talk' to. – redfast00 Feb 02 '16 at 23:55
-
Only the defender needs the static entries (of the gateway and other servers on the LAN it needs to talk to). – redfast00 Feb 03 '16 at 00:00
-
Ya, I meant "the defender knows who they are" – Elliot Gorokhovsky Feb 03 '16 at 00:06
-
First, ensure attackers can't get onto your network. – redfast00 Feb 03 '16 at 00:08