G-Stress Posted October 11, 2006

I may be wrong, but after I saw one of the episodes, I believe either 3 or 5, where they used Cain and Abel to ARP poison, I thought they demonstrated a way to protect your machine from such an attack, but as I go back and re-watch the episodes I don't see it. I know it doesn't capture https traffic, I'm just wondering about the steps I would need to take to protect myself from such an attack. If someone could be so kind as to provide a link, possibly?

I also wanna say I wasn't too worried about security until I started running Cain 24/7 on one of my boxes just poisoning my whole LAN, and I'm glad I do, because I caught 2 attackers. 1 was someone trying to brute force my ftp server and another, someone scanned me I assume and discovered I am running vnc and they attempted to log in... unsuccessfully of course ;)

addisonzinser Posted October 11, 2006

There's no real way to protect yourself from ARP poisoning except for using https, ssl, VPNs. Just be smart about what you plug your computer into :P

PoyBoy Posted October 12, 2006

Oohs, I'm going to plug my computer into a lightning rod... Actually, Outpost Firewall will force your computer to stick to the original ap it sees, which should stop this sort of thing, provided the network was clean when you started...

G-Stress (Author) Posted October 12, 2006

Hmm, I could have sworn that on one of the episodes they demonstrated Cain ARP poisoning, then they went to the same web site, only Cain did not pick up the username and pass after they did something different. I can't remember if they used some 3rd party app or if they just made some change to their PC configuration :?

Darren Kitchen Posted October 12, 2006

> There's no real way to protect yourself from ARP poisoning except for using https, ssl, VPNs. Just be smart about what you plug your computer into :P

What he said

Garda Posted October 12, 2006

I noticed nobody mentioned static ARP tables. This would only be suitable on a very small network that your computer is basically ALWAYS plugged into. Basically you would keep a static list that matches IP addresses to MAC addresses. As you can imagine, certainly not a fun thing to do if you often use wifi or public networks or if you're otherwise often moving your computer. Also, given that it's your own personal network, it's unlikely that you're actually gonna get anybody in your home trying to attack you.

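An added example, not part of any post in this thread: one way to use the static IP-to-MAC list described above for detection rather than enforcement, by comparing a snapshot of the Linux ARP cache (`/proc/net/arp` format) against pinned bindings. The sample table, the addresses and the `PINNED` list are constructed for illustration.

```python
"""Compare a Linux ARP cache snapshot with a pinned IP-to-MAC list."""

# Constructed sample in /proc/net/arp format; all addresses are made up.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:16:3e:aa:bb:03     *        eth0
192.168.1.10     0x1         0x2         00:16:3e:aa:bb:02     *        eth0
192.168.1.23     0x1         0x2         00:16:3e:aa:bb:03     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Hypothetical pinned bindings, recorded while the network was known clean.
PINNED = {
    "192.168.1.1": "00:16:3e:aa:bb:01",   # gateway
    "192.168.1.10": "00:16:3e:aa:bb:02",  # file server
}


def parse_arp_table(text):
    """Return {ip: mac} for complete entries in /proc/net/arp style text."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # Flags 0x0 marks an incomplete entry (no reply seen yet).
        if int(flags, 16) == 0 or mac == "00:00:00:00:00:00":
            continue
        table[ip] = mac
    return table


def find_anomalies(table, pinned):
    """Return sorted findings: pinned mismatches and MACs shared by several IPs."""
    findings = []
    for ip, expected in pinned.items():
        seen = table.get(ip)
        if seen is not None and seen != expected.lower():
            findings.append(("mismatch", ip, seen))
    owners = {}
    for ip, mac in table.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return sorted(findings)
```

A shared MAC is only a hint: a host with several IP addresses or a router doing proxy ARP produces the same pattern, so the pinned-binding mismatch is the stronger signal.
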
G-Stress (Author) Posted October 13, 2006

> I noticed nobody mentioned static ARP tables. This would only be suitable on a very small network that your computer is basically ALWAYS plugged into. Basically you would keep a static list that matches IP addresses to MAC addresses. As you can imagine, certainly not a fun thing to do if you often use wifi or public networks or if you're otherwise often moving your computer. Also, given that it's your own personal network, it's unlikely that you're actually gonna get anybody in your home trying to attack you.

Yea, I thought about static ARP tables but haven't looked into setting them up yet. I don't log in to anything I use on any LAN except my own after learning about ARP poisoning. Except when I use my cell phone, cause it's a client/server connection. I agree though, that there is no perfect security.

1 more ? as far as my situation goes: what sniffer/LAN monitor would you guys recommend to be sniffing 24/7 but checked daily? I know ethereal/wireshark does tend to consume a lot of space after some time, so was wondering if anyone else had any other suggestions?

nico Posted October 13, 2006

You could try base

G-Stress (Author) Posted October 13, 2006

> You could try base

Thanks man, I'll give this a try. It looks like they only make this for Linux, but I'll give it a try :)

nico Posted October 14, 2006

>> You could try base
>
> Thanks man, I'll give this a try. It looks like they only make this for Linux, but I'll give it a try :)

Arf...sorry about that. If snort works on Windows, it should be ok. Good luck

mpt Posted October 15, 2006

If you have an extra box lying around at home you could set up a VPN (could be as easy as tunneling via ssh). Whenever you are out at a coffee shop or on an untrusted network, access your VPN. I usually tunnel vnc or remote desktop. The problem is that at some point there is always going to be a point to sniff your traffic--even if you are tunnelling to your home, anyone who is linked to your home network or at the node above it can compromise your plaintext data.