ARP cache

Discussion in 'Networks' started by greenbrucelee, Feb 23, 2008.

  1. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    Is having the option to protect the ARP cache in a firewall attack detection settings useful on a home computer or is this only useful on a proper network?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    GBL - are you talking about protecting yourself from ARP spoofing? ARP spoofing is a technique to trick machines on a LAN into routing all their traffic via a spoofed default gateway address. Your machine shouldn't be contactable from the Internet, and, unless you have an EXTREMELY badly configured router/firewall, ARP spoofing shouldn't be an issue on your firewall - from the outside at least.

    If you want to understand ARP spoofing, the easiest way to do it is to try it out on your LAN for yourself. Set up a second machine on your local network, install Cain & Abel and set it to poison the ARP cache - then watch in amazement as all traffic from the other machine that is destined for a network outside the local LAN gets routed through the 'fake' DG first - allowing you to capture every single packet. Very, very dangerous if implemented ona network where the security controls are lax (most networks I've worked on fall into this category)
     
    Certifications: A few
    WIP: None - f*** 'em
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    Its just an option thats on my firewall (comodo) which isn't on by default but the firewall is well configured. I was just wondering if its best to have it on for that extra piece of protection.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Up to you. Not sure how it would protect you from ARP spoofing tbh - more than likely just placing a static entry in your ARP cache that points to the correct MAC. You could do this yourself, but I guess you may as well turn it on anyway - it certainly shouldn't do any harm and, if a machine on your local network becomes compromised I guess it's just another layer of protection. Of course, if a machine on your LAN does get rinsed, ARP spoofing will be the least of your problems!
     
    Certifications: A few
    WIP: None - f*** 'em
  5. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    Cheers for you help Zeb I'll switch it on and see what/if anything happens.

    Rep give for yolur help :D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.