[Olsr-dev] ARP prevention!

Andrea Di Pasquale (spam-protected)
Wed Aug 17 15:21:49 CEST 2011


Because in a local network with IPv4, each host can communicate with other hosts inside the network thanks to ARP. In a multihop network such as olsrd, olsrd does its job at the network layer, but each route for every host works in conjunction with ARP at the datalink layer.
Example: I want to reach node B from A:

HostA <=> hostC <=> HostB 

Olsrd will do its work, but will be able to decide the route ACB thanks to the existence of nodes C and B. The existence of each network node is determined by ARP. 
Consider an additional node, node D, which performs a Man In The Middle attack using ARP spoofing, masquerading as node B to C and as C to B:

HostA <=> hostC <=> hostD <=> HostB 

OLSRd will always choose the same route. HostD will be able to intercept all traffic from/to hostA <=> HostB and OLSRd will not be able to avoid similar situations. 

That's why I think ArpON is useful and helps to avoid situations like these. 

The benefits are many if we speak of the stack of a decentralized and cooperative network:

Applications -> All services
Transport -> TCP, UDP & co
Network -> IPv4 with OLSRd
Datalink -> ARP with ArpON

This stack is able to secure all services running at the Application level because ArpON authenticates each host in the network, OLSRd handles each route for each host in the network secure from attacks, TCP and UDP do their work, and each service at the top is secure from any attack.



On 17 Aug 2011, at 10:08, ZioPRoTo (Saverio Proto) wrote:

>> I want to do a port of ArpON (www: http://arpon.sourceforge.net) for the OLSRd project for securing the MAC layer (IPv4 environment) against
>> Man In The Middle attacks through the ARP Spoofing attack and its derived attacks.
> Hello,
> your project looks very interesting. However I don't understand why we
> should not just run olsrd and the current implementation of ArpON
> separately.
> The olsrd daemon never manages data traffic, and sent packets are always
> broadcast/multicast, so the ARP protocol is not involved.
> What is the benefit of running ArpON as an olsrd plugin? Why does it have to
> interact with the routing protocol?
> thanks
> Saverio
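
The A/C/B/D scenario from the message above, as an added detection example that is not part of the original post and is not ArpON's or OLSRd's code: a monitor parses ARP payloads and alerts when an IPv4 address is announced by a second MAC, or when one MAC announces several addresses. The MAC and IP values, the first-seen-binding policy, and the assumption that the monitor sees every frame are all constructed for this illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed 28-byte ARP payload (sample input only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), IPv4Address(spa).packed,
                       mac(tha), IPv4Address(tpa).packed)

def parse_arp(payload):
    """Return (sender_mac, sender_ip) for Ethernet/IPv4 ARP, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return sha.hex(":"), str(IPv4Address(spa))

class BindingMonitor:
    """Tracks IP->MAC bindings; the first binding seen is kept (example policy)."""
    def __init__(self):
        self.ip_to_mac = {}
        self.claims = {}  # mac -> set of IPs that MAC has announced

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return [("malformed", None, None)]
        mac, ip = parsed
        alerts = []
        if self.ip_to_mac.setdefault(ip, mac) != mac:
            alerts.append(("conflict", ip, mac))  # IP announced by a second MAC
        self.claims.setdefault(mac, set()).add(ip)
        if len(self.claims[mac]) > 1:
            alerts.append(("multi-ip", mac, sorted(self.claims[mac])))
        return alerts

# Constructed addresses for the hosts named in the message
MAC = {"B": "02:00:00:00:00:0b", "C": "02:00:00:00:00:0c", "D": "02:00:00:00:00:0d"}
IP = {"B": "10.0.0.2", "C": "10.0.0.3", "D": "10.0.0.4"}

def demo():
    mon = BindingMonitor()
    # (sender, IP it announces, target): two genuine replies, then D posing as B and as C
    events = [("B", "B", "C"), ("C", "C", "B"), ("D", "B", "C"), ("D", "C", "B")]
    return [mon.observe(build_arp(2, MAC[s], IP[i], MAC[t], IP[t])) for s, i, t in events]
```

The multi-ip alert is a heuristic: an interface with several legitimately configured addresses triggers it too, so such hosts need an allowlist.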
