Monday, 31 August 2009

ArpFreeze

For a small break from the recent run of PCap-based programs, I am going to look at ARPFreeze tonight. This is also a move from *NIX to Windows.

Some of the earlier tools I have introduced (such as Netdude and Ettercap) allow a user to test systems using ARP poisoning attacks. They also allow an attacker to do the same.

ARPFreeze stops these attacks dead in their tracks (a DoS is still possible, but that is more likely to be noticed).

The tutorial on IronGeek is excellent, so I will point you there instead of doing a number of screenshots. What you need to know is that ARPFreeze allows you to create a static table of hosts that will remain each time the system is updated. That is, reboot and the old static values are stored (something that has been a simple part of Unix for decades).

This does require extra work. If a network card changes, you will need to change all of the static mappings. Not a big issue on a small network, but it does become tedious quickly on a large network.

What I would recommend is to use this with Group Policy and server startup settings for systems. Adding this to Group Policy and a centrally deployed server will make updating systems far easier.

Caveat: Remember that if you change a static system, you need to change all of the systems that access it.
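A check to go with the static mappings and the caveat above, added here as an example (it is not part of ARPFreeze or of the IronGeek tutorial): it parses the output of the Windows `arp -a` command and compares it with a central pin list, flagging entries that are missing, still dynamic, or pinned to a different MAC. The sample output, addresses and `PINNED` list are constructed, and the parser assumes English-locale output with a single interface.

```python
import re

# Constructed sample of Windows `arp -a` output (not captured from a real host).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     static
  192.168.1.10          00-aa-bb-cc-dd-01     dynamic
  192.168.1.20          00-aa-bb-cc-dd-99     static
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical centrally maintained pin list: IP -> expected MAC (any separator or case).
PINNED = {
    "192.168.1.1": "00:11:22:33:44:55",
    "192.168.1.10": "00-AA-BB-CC-DD-01",
    "192.168.1.20": "00-aa-bb-cc-dd-02",
    "192.168.1.30": "00-aa-bb-cc-dd-03",
}

ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(static|dynamic)\s*$")

def norm_mac(mac):
    """Reduce a MAC to 12 lowercase hex digits so separators and case do not matter."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return {ip: (mac, type)} from `arp -a` text; header lines do not match ROW."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (norm_mac(m.group(2)), m.group(3))
    return table

def audit(arp_text, pinned):
    """Compare the live table with the pin list; return sorted (ip, finding) pairs."""
    table = parse_arp(arp_text)
    findings = []
    for ip, want in pinned.items():
        if ip not in table:
            findings.append((ip, "missing"))      # pin was never applied on this host
            continue
        mac, kind = table[ip]
        if mac != norm_mac(want):
            findings.append((ip, "mismatch"))     # stale pin (NIC replaced) or bad entry
        elif kind != "static":
            findings.append((ip, "not-static"))   # right MAC, but can still be overwritten
    return sorted(findings)
```

A `mismatch` on many hosts at once usually means a network card was replaced and the central list was not updated; a `mismatch` on one host is the case to investigate.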

Overall, a great tool if used wisely.
