On Monday, 18 March 2002 13:10, Reckhard, Tobias wrote:
I thought about prevention of ARP-Poisoning and came up with the following ideas:
The question here to me is what you are trying to accomplish. I can see a couple of things resulting from ARP poisoning in the subnet your server is in. I can see others mimicking your web site and tricking visitors this way. I can also see a complete denial of service against your server. One other possibility is that they could mimic your path of administration as well and thereby learn, e.g., your user password from a telnet session across their machine.
One thing you need to be aware of is that measures against ARP poisoning on your host alone won't really help a lot; you need to at least protect the router as well to avoid most problems. Since you probably have no influence on the router, you're left with the following answers to the problems I saw:
1. Pretend web site: This one can be solved by using an SSL server certificate for your WWW server name. It breaks if someone is successful in acquiring a certificate that a visitor of yours will accept.
2. Denial of Service: You need a static ARP entry on the router to prevent this. A rogue host on the same subnet as your host can probably DoS it in a variety of other ways, though. This kind of thing becomes evident very quickly and it is very easy to trace the source of the attack, so I don't think the risk is that high. If you're scared of this kind of thing, you need to take the server to a network of your own.
3. Hack the admin: Don't use telnet, FTP or any other clear-text protocols. If using SSH, use Strict Modes and public key authentication in favour of passwords.
Cheers,
Tobias
Thank you for the clarification of some problems. I'll try to be a bit more specific about my concerns:

What worries me most is the possibility of another root server playing "router" for my traffic. The scenario works the following way: the attacker sends an ARP packet to my computer pretending to be the router. The router gets an ARP packet from the attacker pretending to be from my server. This way the whole traffic between the internet and my server is redirected through the attacking machine (man-in-the-middle attack). This scenario was demonstrated at CeBIT requiring no more than ettercap and ethereal.

The websites are not too interesting for attackers and login is done via ssh (v2) only, so at least I get a warning if something strange happens. But the mail traffic remains a problem! As far as I can see up to now, sendmail-tls and qpopper use plain text at least for the mail body. So the content is disclosed to any attacker, if not the username/password.

I sure try to avoid FTP, but webmasters on Mac are used to FTP... Maybe there's an scp client for Macs? I'll have a look.

Thank you for the moment and have a nice day,
Roland Hilkenbach
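The two-sided poisoning Roland describes (the attacker answers "I am the router" to the server and "I am the server" to the router) leaves a recognisable trace on the wire: a reply for the gateway IP carrying a MAC other than the one Tobias' static ARP entry would pin, and a single MAC claiming more than one IP address. The following detector is an added example, not code from this thread or from ettercap; it parses raw Ethernet/ARP frames from a capture and raises alerts on exactly those two patterns. The IP and MAC addresses, the `ArpWatch` class and the pinned gateway mapping are all constructed for the demo.

```python
"""ARP-poisoning detector over raw Ethernet frames (added example).

Flags ARP replies that (a) contradict a pinned gateway mapping (the
software equivalent of Tobias' static ARP entry) or (b) show one MAC
claiming several IPs, the pattern of the router<->server MITM Roland
describes. All addresses here are constructed sample data.
"""
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REPLY = 2


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip), or None
    if the frame is not ARP over Ethernet for IPv4."""
    if len(frame) < 42:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Construct an Ethernet ARP reply frame (sample input for the demo)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    tmac = bytes.fromhex(target_mac.replace(":", ""))
    sip = bytes(int(x) for x in sender_ip.split("."))
    tip = bytes(int(x) for x in target_ip.split("."))
    eth = tmac + smac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY) + smac + sip + tmac + tip
    return eth + arp


class ArpWatch:
    def __init__(self, pinned):
        self.pinned = dict(pinned)          # ip -> trusted MAC (e.g. the router)
        self.seen = {}                      # ip -> MAC learned from traffic
        self.ips_by_mac = defaultdict(set)  # MAC -> every IP it has claimed

    def feed(self, frame):
        """Process one captured frame; return a list of alerts (empty if clean)."""
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return []
        _, sha, spa, _, _ = parsed
        alerts = []
        if spa in self.pinned and sha != self.pinned[spa]:
            alerts.append(f"pinned {spa} claimed by {sha}, expected {self.pinned[spa]}")
        if spa in self.seen and self.seen[spa] != sha:
            alerts.append(f"{spa} changed from {self.seen[spa]} to {sha}")
        self.ips_by_mac[sha].add(spa)
        if len(self.ips_by_mac[sha]) > 1:
            alerts.append(f"{sha} claims multiple IPs: {sorted(self.ips_by_mac[sha])}")
        self.seen[spa] = sha
        return alerts


def demo():
    """Replay the MITM scenario on constructed frames; return per-frame alerts."""
    router_ip, router_mac = "192.0.2.1", "00:00:5e:00:53:01"
    server_ip, server_mac = "192.0.2.10", "00:00:5e:00:53:0a"
    attacker_mac = "00:00:5e:00:53:66"
    watch = ArpWatch({router_ip: router_mac})
    frames = [
        build_arp_reply(router_mac, router_ip, server_mac, server_ip),    # legitimate
        build_arp_reply(attacker_mac, router_ip, server_mac, server_ip),  # "I am the router"
        build_arp_reply(attacker_mac, server_ip, router_mac, router_ip),  # "I am the server"
    ]
    return [watch.feed(f) for f in frames]


if __name__ == "__main__":
    for i, alerts in enumerate(demo(), 1):
        print(f"frame {i}:", alerts or "ok")
```

On a real host the frames would come from a raw socket or a pcap reader instead of `build_arp_reply`; the second check (MAC claiming several IPs) only fires if the capture point sees the replies sent to the router too, which is why, as Tobias notes, protecting the host alone is not enough.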