Home > Máy tính > Ways to protect your computer against ARP poisoning

Ways to protect your computer against ARP poisoning

November 10th, 2010 Leave a comment Go to comments

When you’re connected to a local area network, you’re exposed to many security troubles that you may not be aware. One of them is ARP spoofing (ARP poisoning). The attacker can easily capture data flow in and out of your computer. Your essential information such as username, password, email are not secret to you anymore. Read wiki page here: http://en.wikipedia.org/wiki/ARP_spoofing

An attacker may take advantage of ARP poisoning to perform the following effects:

1. Denial of Service attack

- computer A sends request to (true) gateway successfully

- computer B (hacker) poisons ARP cache of gateway

- as a result, gateway sends response to fake computer B. Hacker may never send response back to computer A. Computer A may see these symptoms on the browser: Waiting for www.abc.com, Looking up www.def.com

Instant resolution (either or all will work):

- clear ARP cache of gateway

- turn gateway off and on

- reset gateway

- turn on gateway’s ARP protection

2. Man in the middle (MITM) attack

- computer B (hacker) poisons ARP cache of gateway and computer A, it acts as an intermediate between computer A and true gateway

- computer B can sniffer data flow between computer A and gateway, thus it can analyze to see essential information (username, password, URL, cookie, …)

Instant resolution (either or all will work):

- clear ARP cache, repair network connection

- enable firewall’s ARP cache protection (enable ArpON in Linux box)

- perform resolutions of DOS attack

  1. No comments yet.
  1. No trackbacks yet.