Jump to content

Helping to lessen the effects of MitM attacks


Recommended Posts

Right... I've just moved to Uni, and as such I've had to leave my testing lab at home... I only have a laptop and my (now dead :evil: ) server here with me.

What I want to know is: would setting a static ARP entry for your default gateway help lessen the effects of Man in the Middle (MitM) attacks?

I figured that the most likely choice of two machines for an attacker to position themselves between would be the target and the respectve gateway to the internet, and that by setting a static arp entry for the gateway it would be possible to stop the attacker from reading traffic going from the target to the gateway.

I'm not sure if this would work, and have no means to test it, so if anyone could give it a try for me, that would be nice :)

Note: I'm not saying this would prevent MitM attacks, just make it a little harder for an attacker to get passwords and things.

Link to comment
Share on other sites

Outpost Pro Firewall 3.5+ stops it. You get a nice little message saying "<IP> has declared itself as a gateway <IP>" or something similar, and it forces windows to keep using the first one. You can also force windows to make a static arp refference for the gateway i belive. Not sure about anything for *nix.

Link to comment
Share on other sites

If you could set a single ARP table entry, it would half work, becasue it's not just the gateway thats also told that the attacker is you, the attacker also tells your computer it is the default gateway. My advice to you is that if at any time you are in a possition where poeple could easily snif your packets becasue you are using publicly open wifi or what ever, VPN out to a remote server (either one you host your self at home or pay some one to host for you) and access the Interent through the VPN. It will be a little slow, but it compleatly removes the chance of any one seeing any thing that you do on the Internet (uless they are looking at your screen).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...