[Olsr-dev] ARP prevention!
Wed Aug 17 17:20:32 CEST 2011
caution: olsrd is no layer 2 mesh!
(so there are no multihop implications regarding ARP)
every olsrd node only knows the MAC addresses of its direct neighbours
therefore you just need ArpON on nodes a, b and c
to detect man in the middle d
On Wed, Aug 17, 2011 at 3:21 PM, Andrea Di Pasquale <(spam-protected)> wrote:
> Because in a local network with IPv4, each host can communicate with other
> hosts inside the network thanks to ARP. In a multihop network such as olsrd,
> olsrd does its job at the network layer, but each route for every host works in
> conjunction with ARP in the Datalink.
> Example I want to reach node B from A:
> HostA <=> hostC <=> HostB
> Olsrd will do its work, but will be able to decide the route ACB thanks to
> the existence of nodes C and B. The existence of each network node is
> determined by ARP.
> Consider an additional node, the node D that makes Man In The Middle using
> ARP Spoofing, masquerading as node B to C and as C to B:
> HostA <=> hostC <=> hostD <=> HostB
> OLSRd will always choose the same route. HostD will be able to intercept
> all traffic from/to hostA <=> HostB and OLSRd will not be able to avoid
> similar situations.
> That's why I think ArpON is useful and helps to avoid situations like
> The benefits are lots if we speak of stack of decentralized and cooperative
> Applications -> All services
> Transport -> TCP, UDP & co
> Network -> IPv4 with OLSRd
> Datalink -> ARP with ArpON
> This stack is able to secure all services running at the Application level
> because ArpON authenticates each host in the network, OLSRd handles each
> route for hosts in the network secure from attacks, TCP and UDP do their
> work and each service at the top is secure from any attacks.
> On 17 Aug 2011, at 10:08, ZioPRoTo (Saverio Proto) wrote:
> >> I want to do a port of ArpON (www: http://arpon.sourceforge.net) for
> >> OLSRd project for securing MAC layer (IPv4 environment) against
> >> Man In The Middle attacks through ARP Spoofing attack and his derived
> > Hello,
> > your project looks very interesting. However I don't understand why we
> > should not just run olsrd and the current implementation of ArpON
> > separately.
> > olsrd daemon never manages data traffic and sent packets are always
> > broadcast/multicast, so ARP protocol is not involved
> > what is the benefit of running ArpON as an olsrd plugin? Why does it have to
> > interact with the routing protocol?
> > thanks
> > Saverio
> Olsr-dev mailing list
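
The reply at the top of this message notes that each node only holds ARP entries for its direct neighbours, so a per-node check is enough to notice D. The sketch below is an added example, not part of the thread and not ArpON's algorithm: it compares two `ip -4 neigh show` snapshots taken on node C and reports a changed IP-to-MAC binding or one MAC answering for several neighbour IPs. All addresses and the interface name are constructed sample data.

```python
import re

# One line of `ip -4 neigh show`, e.g.
# "10.0.0.2 dev wlan0 lladdr 02:00:00:00:00:0b REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) dev \S+ "
    r"lladdr (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

# Constructed neighbour tables as seen on node C (all addresses are made up).
BASELINE_C = """\
10.0.0.1 dev wlan0 lladdr 02:00:00:00:00:0a REACHABLE
10.0.0.2 dev wlan0 lladdr 02:00:00:00:00:0b REACHABLE
"""
SPOOFED_C = """\
10.0.0.1 dev wlan0 lladdr 02:00:00:00:00:0a STALE
10.0.0.2 dev wlan0 lladdr 02:00:00:00:00:0D REACHABLE
10.0.0.4 dev wlan0 lladdr 02:00:00:00:00:0d REACHABLE
10.0.0.9 dev wlan0  FAILED
"""

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m["ip"]] = m["mac"].lower()
    return table

def check_snapshot(baseline, snapshot):
    """Compare a snapshot with the trusted baseline of direct neighbours."""
    alerts = []
    for ip, mac in sorted(snapshot.items()):
        known = baseline.get(ip)
        if known and known != mac:  # neighbour IP now answers from another MAC
            alerts.append(("binding-changed", ip, known, mac))
    owners = {}
    for ip, mac in snapshot.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # one station claims several neighbour IPs
            alerts.append(("mac-claims-many", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in check_snapshot(parse_neigh(BASELINE_C), parse_neigh(SPOOFED_C)):
        print(alert)
```

The baseline has to be captured while the neighbourhood is known to be clean; a legitimate NIC replacement also triggers `binding-changed` and needs a baseline refresh.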