[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [NETVAERK] Arp poisoning detection



Hej igen.

Jeg synes lige jeg vil skyde en bemærkning ind, for at gøre noget mere klart.

Det er meningen at arpwatch skal køre på routeren (gatewayen), som
der også siges.
Men, dem der laver disse "fyfy" programmer kan skam også tænke
selv. I Ettercap f.eks er det meget nemt at lave et "one-way" arpspoofnings
angreb. Dvs den kan gå ind og ændre i alle brugernes arp caches,
og så lige undlade routerens.

Det betyder så at alt trafik udefra godtnok ikke bliver sniffet,
men alt der kommer indefra (passwords mm) bliver stadig
opfanget -- uden arpwatcher opdager det.

Derfor vil jeg anbefale ikke kun at køre arpwatch på routeren,
men også på en "anonym" maskine på lokalnetværket.
Med anonym mener jeg at det er en maskine, som så få som muligt
har kendskab til, specielt skal ip nummeret helst være ukendt (skiftes
ud indimellem måske?).

Den skal også kunne overvåges og aflæses tit, uden for mange bemærker det.


Det er noget tricky noget sådan noget netværkssikkerhed.


Anders Søndergaard

-- 
Yesterday you should have eaten, drinken and been merry, for today
they made it illegal. (!)
50 Gmail invitationer, hvis nogle skulle være interesserede.
0100011101100101011001010110101100100001


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 22:42 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *