Back to list
FreeBSD arp poison patch
Dec 03 2003 01:43PM
bert_raccoon freemail ru
There is well known problem arp poisoning problem in FreeBSD. If
arp reply is received without request FreeBSD logs error
into syslog, but changes arp table entry. It makes possibility
for local atacker to change arp cache entry. In network this
behaviour can only occure when adapter changes it's MAC address.
Attached is patch to check old MAC address before changing
arp entry by sending unicast arp request to this MAC. If old MAC
replies, no changes to arp table is made and attack is logged.
Same patch for linux was published by Buggzy. Patch was tested for
FreeBSD 4.6 - 5.0.
To apply patch do:
# cd /sys/netinet
# patch < /path/to/patch
and rebuild the kernel.
[ reply ]
Re: FreeBSD arp poison patch
Dec 04 2003 01:32AM
Ryota Hirose (hirose comm yamaha co jp)
Copyright 2010, SecurityFocus