[MLB-WIRELESS] arp spoofing

David Ashburner d_ashburner at hotmail.com
Mon May 15 09:19:55 EST 2006


Hi all,

There was an interesting discussion at the meeting last Friday about
ARP spoofing and how it is a threat for wireless nodes.
In a nutshell, it would be possible for a man-in-the-middle attack to
make itself appear as the network gateway (access point) and so
intercept any traffic between a legitimate client and the real gateway.
It could do this by sending out a lot of unsolicited ARP responses and
"poisoning" the ARP cache on all connected machines.

Grant spent some time explaining this to me and also that the people at
WAND Network Research Group in Nah Zulund had implemented a solution
where all ARP requests and responses get quenched from the network and
the gateway provides the responses from its DHCP cache. The software
dhcparpd is available to download but is set up to use a specific API
for communicating with the DHCP server.

I've looked through the code and can make a relatively easy patch to
make it work with the dnsmasq software used on the WRTs. I'll build an
ipkg with the daemon and iptables rules and we can give it a go.

dna

WAND page:   http://research.wand.net.nz/software/dhcparpd.php
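
The idea described in the message above, that the DHCP lease table is the authority on which MAC owns which IP, shown as a passive check on observed ARP frames. This is an added example, not code from the post or from dhcparpd; it assumes the dnsmasq lease file layout `<expiry> <mac> <ip> <hostname> <client-id>`, and every address, lease line and frame in it is constructed.

```python
# Constructed sample of a dnsmasq lease file: "<expiry> <mac> <ip> <hostname> <client-id>"
SAMPLE_LEASES = """\
1147650000 00:11:22:33:44:55 192.168.1.10 laptop 01:00:11:22:33:44:55
1147650300 00:aa:bb:cc:dd:ee 192.168.1.11 * *
"""
GATEWAY = ("192.168.1.1", "02:00:00:00:00:01")  # constructed static entry for the gateway itself
ARP_IPV4_ETH = bytes.fromhex("0806000108000604")  # ethertype ARP, htype 1, ptype IPv4, hlen 6, plen 4

# Constructed ARP replies (Ethernet header + ARP body, 42 bytes each).
LEGIT = bytes.fromhex("020000000001" "001122334455" "0806" "0001080006040002"
                      "001122334455" "c0a8010a" "020000000001" "c0a80101")
FORGED = bytes.fromhex("ffffffffffff" "00aabbccddee" "0806" "0001080006040002"
                       "00aabbccddee" "c0a80101" "ffffffffffff" "c0a80101")

def parse_leases(text):
    """Return {ip: mac} from dnsmasq lease lines, skipping malformed ones."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            table[fields[2]] = fields[1].lower()
    return table

def parse_arp(frame):
    """Decode IPv4-over-Ethernet ARP from an Ethernet frame; None if it is something else."""
    if len(frame) < 42 or frame[12:20] != ARP_IPV4_ETH:
        return None
    fmt_mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    fmt_ip = lambda raw: ".".join(str(b) for b in raw)
    return {"oper": int.from_bytes(frame[20:22], "big"), "eth_src": fmt_mac(frame[6:12]),
            "sha": fmt_mac(frame[22:28]), "spa": fmt_ip(frame[28:32])}

def check_arp(frame, leases, gateway=GATEWAY):
    """Classify a frame as 'not-arp', 'ok', or the reason its IP-to-MAC claim is suspect."""
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    if arp["eth_src"] != arp["sha"]:
        return "ethernet-source-differs-from-arp-sender"
    if arp["spa"] == "0.0.0.0":  # ARP probe: the sender claims no binding yet
        return "ok"
    known = {**leases, gateway[0]: gateway[1]}
    if arp["spa"] not in known:
        return "sender-ip-has-no-lease"
    return "ok" if known[arp["spa"]] == arp["sha"] else "binding-contradicts-table"

if __name__ == "__main__":
    print([check_arp(f, parse_leases(SAMPLE_LEASES)) for f in (LEGIT, FORGED)])
```

Hosts with static addresses never appear in the lease file, so they need their own entries alongside the gateway's or they will be reported as having no lease.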




