Helping to lessen the effects of MitM attacks


Right... I've just moved to Uni, and as such I've had to leave my testing lab at home... I only have a laptop and my (now dead :evil: ) server here with me.

What I want to know is: would setting a static ARP entry for your default gateway help lessen the effects of Man in the Middle (MitM) attacks?

I figured that the most likely choice of two machines for an attacker to position themselves between would be the target and the respective gateway to the internet, and that by setting a static ARP entry for the gateway it would be possible to stop the attacker from reading traffic going from the target to the gateway.

I'm not sure if this would work, and have no means to test it, so if anyone could give it a try for me, that would be nice :)

Note: I'm not saying this would prevent MitM attacks, just make it a little harder for an attacker to get passwords and things.

Outpost Pro Firewall 3.5+ stops it. You get a nice little message saying "<IP> has declared itself as a gateway <IP>" or something similar, and it forces Windows to keep using the first one. You can also force Windows to make a static ARP reference for the gateway, I believe. Not sure about anything for *nix.

If you could set a single ARP table entry, it would half work, because it's not just the gateway that's also told that the attacker is you, the attacker also tells your computer it is the default gateway. My advice to you is that if at any time you are in a position where people could easily sniff your packets because you are using publicly open wifi or whatever, VPN out to a remote server (either one you host yourself at home or pay someone to host for you) and access the Internet through the VPN. It will be a little slow, but it completely removes the chance of anyone seeing anything that you do on the Internet (unless they are looking at your screen).
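For the *nix side of the question, an added example (not code from anyone in this thread): a client-side check of the gateway's ARP entry in the Linux `/proc/net/arp` format, flagging a MAC that differs from a pinned value, a dynamic entry, or a MAC shared with another IP. The pinned MAC, the addresses and the sample table are constructed; as the last reply points out, this says nothing about the gateway's own ARP cache.

```python
from collections import defaultdict

ATF_COM = 0x02   # kernel flag: entry is complete (MAC resolved)
ATF_PERM = 0x04  # kernel flag: entry is permanent (static)

# Constructed sample in /proc/net/arp layout: gateway and .57 share one MAC.
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         de:ad:be:ef:00:01     *        wlan0
192.168.1.57     0x1         0x2         de:ad:be:ef:00:01     *        wlan0
192.168.1.20     0x1         0x2         00:11:22:33:44:20     *        wlan0
"""

def parse_arp(text):
    """Return (ip, flags, mac, device) tuples from /proc/net/arp text."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) != 6:
            continue                            # ignore malformed rows
        ip, _hw, flags, mac, _mask, dev = f
        entries.append((ip, int(flags, 16), mac.lower(), dev))
    return entries

def check_gateway(text, gateway_ip, pinned_mac):
    """Return warning strings about the gateway's ARP entry (empty if clean)."""
    warnings = []
    by_mac = defaultdict(set)
    gw = None
    for ip, flags, mac, _dev in parse_arp(text):
        if not flags & ATF_COM:
            continue                            # incomplete entry, no MAC yet
        by_mac[mac].add(ip)
        if ip == gateway_ip:
            gw = (flags, mac)
    if gw is None:
        return ["gateway not in ARP table"]
    flags, mac = gw
    if mac != pinned_mac.lower():
        warnings.append(f"gateway MAC is {mac}, expected {pinned_mac.lower()}")
    if not flags & ATF_PERM:
        warnings.append("gateway entry is dynamic, not static")
    others = by_mac[mac] - {gateway_ip}
    if others:                                  # one MAC answering for two IPs
        warnings.append(f"gateway MAC also claimed by {sorted(others)}")
    return warnings

if __name__ == "__main__":
    print(check_gateway(SAMPLE, "192.168.1.1", "00:11:22:33:44:01"))
```

On a live Linux host, pass the contents of `/proc/net/arp` as `text` and take the pinned MAC from a source you trust, not from the current table.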

