[Olsr-dev] ARP prevention!
Andrea Di Pasquale
Thu Aug 18 11:50:57 CEST 2011
On 18 Aug 2011, at 07:52, Henning Rogge wrote:
> On Thu, 18 Aug 2011 00:29:22 Andrea Di Pasquale wrote:
>> I do not want to do a plugin...
>> This is the logic:
>> Ethernet and wireless are broadcast technologies =>
>> => Olsrd uses this technology =>
>> => You can use any technology to L3 point-to-point, point-to-multipoint,
>> multipoint => => Olsrd to L3 multipoint, indirectly uses ARP to L2 for
>> each two hosts (1 segment), or n hosts (n / 2 segments) in multipoint
> At least for the user traffic. The protocol traffic doesn't even trigger arps,
> because it's all broadcast (multicast).
>> This implies that olsrd is liable to Man In The Middle attacks with ARP
>> spoofing in every segment, every two hosts or all segments between hosts.
>> Let me give two examples:
>> 1. Spoof two nodes, multi-hop communications between them pass by me
>> 2. Spoof all nodes, all multi-hop communications between them pass from me.
>> I do not want to do a plugin.
>> I would only suggest that there is a solution to these problems and that it
>> contributes much to olsrd seen that indirectly uses ARP.
> A problem I see is that securing arp does not protect against man in the
> middle attacks. No one prevents an attacker from spoofing the arp address of the
> real node and relaying "authenticated arp requests" just to the original node.
ArpON does what you're asking with the cooperation of all nodes. :)
Please read these links:
> Another option is to build a layer-2 transparent tunnel to draw traffic to you.
> There is not much you can do without hardware modification against this,
> because the tunnel will just relay traffic from nodes far away, so you see a
> valid communication link to a valid node.
> The idea to authenticate your layer-2 unicast communication partners is good,
> but you need a way to tie this authentication to your traffic communication. If
> you only do this protection for ARPs, you will not be able to verify that
> traffic is coming from the right node because the incoming Mac/IP packet cannot
> prove it's from the same node you used to authenticate the ARP.
> If you want to secure traffic from spoofing, you need to authenticate each data
In ARP, you solve the problem by authenticating each host, and ArpON does it.
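As an added illustration of the ARP-poisoning symptom discussed in this thread (this is example code, not ArpON's or olsrd's), the small Python watcher below parses raw Ethernet+ARP reply frames and flags the two classic signs of spoofing; the frames are constructed inline, and the watcher assumes the first IP-to-MAC binding it sees for an address is the legitimate one.

```python
import struct
from typing import Dict, List, Optional
ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, ethertype
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2

def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_arp_reply(eth_src: bytes, sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    """Raw Ethernet+ARP reply frame; used here only to construct sample input."""
    return ETH_HDR.pack(tha, eth_src, ETHERTYPE_ARP) + ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY, sha, spa, tha, tpa)

class ArpWatch:
    """Learn IP->MAC bindings from ARP replies and flag two classic spoofing signs: an
    Ethernet source that differs from the ARP sender, and a known IP moving to a new MAC."""
    def __init__(self) -> None:
        self.table: Dict[str, str] = {}  # assumption: first binding seen for an IP is legitimate
    def observe(self, frame: bytes) -> Optional[str]:
        _dst, src, etype = ETH_HDR.unpack_from(frame)
        if etype != ETHERTYPE_ARP:
            return None
        _ht, _pt, _hl, _pl, op, sha, spa, _tha, _tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
        if op != ARP_REPLY:
            return None
        s_mac, s_ip = fmt_mac(sha), fmt_ip(spa)
        if src != sha:  # frame was sent by a MAC other than the one it vouches for
            return f"ALERT frame src {fmt_mac(src)} != ARP sender {s_mac} for {s_ip}"
        known = self.table.setdefault(s_ip, s_mac)
        if known != s_mac:  # binding changed: the usual symptom of ARP cache poisoning
            return f"ALERT {s_ip} moved from {known} to {s_mac}"
        return None

# Constructed sample traffic: mesh nodes A and B, plus a rogue MAC claiming A's IP.
NODE_A_MAC, NODE_A_IP = bytes.fromhex("0200000000aa"), bytes([10, 0, 0, 1])
NODE_B_MAC, NODE_B_IP = bytes.fromhex("0200000000bb"), bytes([10, 0, 0, 2])
ROGUE_MAC = bytes.fromhex("0200000000ee")
SAMPLE_FRAMES = [
    build_arp_reply(NODE_A_MAC, NODE_A_MAC, NODE_A_IP, NODE_B_MAC, NODE_B_IP),  # legitimate
    build_arp_reply(NODE_A_MAC, NODE_A_MAC, NODE_A_IP, NODE_B_MAC, NODE_B_IP),  # repeat, still fine
    build_arp_reply(ROGUE_MAC, ROGUE_MAC, NODE_A_IP, NODE_B_MAC, NODE_B_IP),    # rogue claims A's IP
    build_arp_reply(ROGUE_MAC, NODE_A_MAC, NODE_A_IP, NODE_B_MAC, NODE_B_IP),   # header/ARP mismatch
]

def run_sample() -> List[Optional[str]]:
    """Feed the constructed frames through one watcher; None means the frame looked consistent."""
    watch = ArpWatch()
    return [watch.observe(f) for f in SAMPLE_FRAMES]
```

As Henning notes above, a check like this only covers the ARP exchange itself: it detects cache poisoning on a segment, but it does not bind later IP traffic to the node that answered.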