Network Security – ARP spoofing series
I think I’ve wrapped up the series on ARP spoofing and its implications for network security. I know there’s nothing earth-shattering here; most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some, though, this series is likely an eye-opener, as there are myths that switches cannot be sniffed, that ONLY wireless data packets can be sniffed, etc.
I’ve not given clear details on the software or specifics of ARP spoofing, in part because I don’t want to be writing a “how to hack” guide. The information is freely available, as are the tools. They can be used to audit your own network security or they can be used offensively. I (and, it should be noted, most of the authors of the mentioned tools) would prefer these tools not be misused. If you’re interested in this, learn against your own network: use these tools to learn how you are vulnerable and how to take countermeasures to protect your network.
The bottom line on ARP poisoning is to be clear on where your “unsecure” network access points are and farm those “unsecure” network ports to separate subnets. It reminds me of my college when I was in school: there were a lot of Ethernet ports everywhere, as they had just gone through retrofits of the buildings. I wonder now how many of those ports were live, and whether there was any caution about subnetting these network access ports separately from the faculty office network ports?
Another solution would be, if you have network ports in publicly available areas, simply disconnect them from the switch until needed. Of course, these days wireless is more of a threat in this sense. Be careful about how you deploy wireless; especially if it’s open access for public use, be careful to separate it from your “safe” network. As I’ve mentioned several times, the kinds of attacks I mentioned are VERY easy to pull off and are largely unnoticeable. To drive the point home, with wireless the ARP spoofer doesn’t need to be in the same building, but could be a few houses or buildings away.
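One way to audit the two recommendations above (keep public ports and open wireless off the trusted subnets, and leave public ports disconnected until needed), as an added example that is not part of the original post. The inventory, port names, zones and addresses are constructed, and the check assumes each subnet is its own broadcast domain.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory; port names, zones and addresses are hypothetical.
# Assumption: each subnet sits on its own VLAN, so one subnet = one ARP broadcast domain.
PORTS = [
    {"port": "sw1/01", "zone": "trusted", "subnet": "10.0.10.0/24", "enabled": True, "in_use": True},
    {"port": "sw1/02", "zone": "trusted", "subnet": "10.0.10.0/24", "enabled": True, "in_use": True},
    {"port": "sw2/07", "zone": "public", "subnet": "10.0.10.0/24", "enabled": True, "in_use": True},
    {"port": "sw2/08", "zone": "public", "subnet": "10.0.99.0/24", "enabled": True, "in_use": False},
    {"port": "sw2/09", "zone": "public", "subnet": "10.0.99.0/24", "enabled": False, "in_use": False},
    {"port": "ap-guest", "zone": "public", "subnet": "10.0.10.128/25", "enabled": True, "in_use": True},
]


def audit(ports):
    """Return sorted findings as (kind, public_port, detail) tuples."""
    findings = set()
    trusted = defaultdict(list)  # trusted network -> names of enabled trusted ports
    for p in ports:
        if p["zone"] == "trusted" and p["enabled"]:
            trusted[ipaddress.ip_network(p["subnet"])].append(p["port"])

    for p in ports:
        if p["zone"] != "public" or not p["enabled"]:
            continue  # a disconnected public port exposes nothing
        net = ipaddress.ip_network(p["subnet"])
        # ARP poisoning only works within one segment, so the exposure is any
        # public port whose subnet overlaps a subnet that carries trusted ports.
        for tnet, tports in trusted.items():
            if net.overlaps(tnet):
                detail = f"{net} overlaps {tnet} ({', '.join(tports)})"
                findings.add(("shared-segment", p["port"], detail))
        # Second recommendation: public ports stay unplugged until needed.
        if not p["in_use"]:
            findings.add(("live-but-unused", p["port"], str(net)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, port, detail in audit(PORTS):
        print(f"{kind:16} {port:9} {detail}")
```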