FreeBSD arp poison patch Dec 03 2003 01:43PM
bert_raccoon freemail ru (1 replies)

There is a well-known arp poisoning problem in FreeBSD. If an arp reply is received without a request, FreeBSD logs an error into syslog but still changes the arp table entry. This makes it possible for a local attacker to change an arp cache entry. In a network this behaviour can only occur when an adapter changes its MAC address.

Attached is a patch to check the old MAC address before changing the arp entry, by sending a unicast arp request to this MAC. If the old MAC replies, no changes to the arp table are made and the attack is logged. The same patch for Linux was published by Buggzy. The patch was tested for FreeBSD 4.6 - 5.0.

To apply the patch do:

download http://freecap.ru/if_ether.c.patch

# cd /sys/netinet

# patch < /path/to/patch

and rebuild the kernel.
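The cache-update policy the patch describes, as an added user-space simulation (not the posted if_ether.c patch itself): a reply that would overwrite an existing entry is accepted only if a unicast probe to the old MAC goes unanswered. The `probe` callback, the `ArpCache`/`ArpReply` names and the constructed host table are assumptions of this example; in the kernel the probe is a real unicast arp request.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class ArpReply:
    ip: str
    mac: str
    solicited: bool  # True if it answers a request this host actually sent


@dataclass
class ArpCache:
    # probe(ip, old_mac) -> True if the old owner still answers a unicast arp request
    probe: Callable[[str, str], bool]
    table: Dict[str, str] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def receive(self, reply: ArpReply) -> bool:
        """Apply one arp reply; return True if the table was changed."""
        old = self.table.get(reply.ip)
        if old is None or old == reply.mac:
            self.table[reply.ip] = reply.mac  # new entry or refresh: nothing to verify
            return True
        if not reply.solicited:
            # stock FreeBSD behaviour: only a syslog warning, entry is replaced anyway
            self.log.append(f"arp: {reply.ip} moved from {old} to {reply.mac}")
        # patched behaviour: ask the old MAC directly before trusting the new claim
        if self.probe(reply.ip, old):
            self.log.append(f"arp: poisoning attempt: {reply.ip} claimed by {reply.mac}, still owned by {old}")
            return False
        self.table[reply.ip] = reply.mac  # old owner is gone: adapter really changed
        return True


def demo() -> dict:
    # constructed scenario: the gateway 10.0.0.1 still answers on its original MAC
    live_hosts = {("10.0.0.1", "00:11:22:33:44:55")}
    cache = ArpCache(probe=lambda ip, mac: (ip, mac) in live_hosts)
    cache.receive(ArpReply("10.0.0.1", "00:11:22:33:44:55", solicited=True))
    # unsolicited reply claiming the gateway IP while the real owner is still up
    attack = cache.receive(ArpReply("10.0.0.1", "de:ad:be:ef:00:01", solicited=False))
    live_hosts.clear()  # gateway NIC genuinely replaced: old MAC no longer answers
    legit = cache.receive(ArpReply("10.0.0.1", "00:11:22:33:44:66", solicited=False))
    return {"attack_accepted": attack, "legit_accepted": legit,
            "table": dict(cache.table), "log": list(cache.log)}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```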

Re: FreeBSD arp poison patch Dec 04 2003 01:32AM
Ryota Hirose (hirose comm yamaha co jp)


