
I tried ARP poisoning on my local test system with ettercap. It was successful, so I decided to run a test on most secure systems, like Facebook and Google, but I could not reach them and they warned me: "The connection is not private". I know there are lots of IDS/IPS which can detect this attack, and I was looking for the answer to how to prevent ARP poisoning in the case of my router. According to the description I have to use static IP addressing and IP and MAC binding, but I need to use DHCP, because lots of devices are connecting via Wi-Fi. New devices often arrive on the network, therefore I can't use this technique. How can I prevent ARP poisoning in this case?

Additional information: my router type is TP-Link N600.

ampika

2 Answers


Consumer-level switches or routers will most probably not provide any protection against ARP poisoning.

However, in the case of a small personal network directly connected to the router, you can add a permanent entry on your computer in order to associate the router IP with its real MAC address.

Luckily enough, the command is the same on Linux and Windows hosts: arp -s <inet_addr> <hw_addr> where:

  • <inet_addr> represents the IP address,
  • <hw_addr> represents the MAC address.

This solution nevertheless presents a few limitations:

  • It works best if all the hosts are connected directly to the router. If you have a switch between your hosts and your router, another host might still use ARP spoofing to confuse the switch,
  • In the case of mobile devices, you may encounter an issue if you connect to another network using the same IP but a different MAC address (a lot of personal networks have their router associated with addresses such as 192.168.0.1),
  • It is not scalable to larger networks since it would quickly become heavy to maintain (but in this case there are often other detection / prevention measures available).

WhiteWinterWolf

In addition to inspecting the routing table using the 'arp -a' command, there are also tools such as 'arpwatch' and even 'arptables' which provide a way to implement a layer-two network traffic packet filter or IDS.

Because your current router firmware does not allow for this type of software installation and configuration, you may want to explore or entertain the idea of implementing a Linux-based firmware compatible with your device, such as dd-wrt.

jas-
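As an added illustration of the two checks the answers describe (a pinned gateway entry via 'arp -s', and arpwatch-style inspection of 'arp -a' output), here is a small Python script that is not part of either answer. It assumes Linux-style 'arp -a' lines; the sample table, the gateway address 192.168.0.1 and the MAC addresses are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Matches one line of Linux `arp -a` output, e.g.
# "? (192.168.0.1) at 00:11:22:33:44:55 [ether] on wlan0"
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.*?\bon\s+(?P<iface>\S+)",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return a list of (ip, mac, iface) tuples; <incomplete> entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            entries.append((m["ip"], m["mac"].lower(), m["iface"]))
    return entries

def check_gateway(entries, gateway_ip, pinned_mac):
    """Alert if the gateway IP resolves to a MAC other than the one pinned with `arp -s`."""
    alerts = []
    for ip, mac, iface in entries:
        if ip == gateway_ip and mac != pinned_mac.lower():
            alerts.append(f"gateway {ip} on {iface} now at {mac}, expected {pinned_mac.lower()}")
    return alerts

def find_shared_macs(entries):
    """Return {mac: [ips]} for MACs answering for more than one IP (a poisoning symptom)."""
    ips_by_mac = defaultdict(list)
    for ip, mac, _ in entries:
        ips_by_mac[mac].append(ip)
    return {mac: ips for mac, ips in ips_by_mac.items() if len(ips) > 1}

# Constructed sample: the gateway 192.168.0.1 is pinned to 00:11:22:33:44:55,
# but the cache shows it at the same MAC as host 192.168.0.23.
SAMPLE_ARP_OUTPUT = """\
? (192.168.0.1) at aa:bb:cc:dd:ee:01 [ether] on wlan0
? (192.168.0.23) at aa:bb:cc:dd:ee:01 [ether] on wlan0
? (192.168.0.50) at 00:0c:29:11:22:33 [ether] on wlan0
? (192.168.0.77) at <incomplete> on wlan0
"""
GATEWAY_IP = "192.168.0.1"
PINNED_GATEWAY_MAC = "00:11:22:33:44:55"

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    for alert in check_gateway(table, GATEWAY_IP, PINNED_GATEWAY_MAC):
        print("ALERT:", alert)
    for mac, ips in find_shared_macs(table).items():
        print(f"ALERT: {mac} answers for several IPs: {', '.join(ips)}")
```

On a real host, replace SAMPLE_ARP_OUTPUT with the captured output of 'arp -a' and run the script periodically; a healthy cache produces no alerts.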