[Olsr-users] ARP Question
Andrea Di Pasquale
Sat Aug 6 18:36:33 CEST 2011
I want to do a port of ArpON for OLSRd project for securing MAC layer (IPv4 environment) against Man In The Middle attacks through ARP Spoofing attack.
ArpON (ARP handler inspection) is:
a portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning, ARP Poison Routing (APR) attacks. It blocks also the derived attacks by it, which Sniffing, Hijacking, Injection, Filtering & co attacks for more complex derived attacks, as: DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.
This is possible using three kinds of anti ARP Spoofing tecniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dynamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is in statically and dynamically (DHCP) configured networks together.
ArpON is therefore a proactive point to point and multipoint based solution that requires a daemon in every host of the connection and that doesn't modify the classic ARP standard base protocol by IETF, but rather sets precise policies by using SARPI for static networks, DARPI for dynamic networks and HARPI for hybrid networks thus making today's standardized protocol working and secure from any foreign intrusion.
So, ArpON is host-based solution and a multipoint environment is a mesh environment and ArpON works very well on this.
Is you interest (OLSRd team) this protection on OLSRd network?
Il giorno 05/ago/2011, alle ore 22:58, Henning ha scritto:
> On Fri, 05.08.2011 22:49:56 Andrea Di Pasquale wrote:
>> Hi guys,
>> I'm Andrea Di Pasquale, author of ArpON (http://arpon.sourceforge.net).
>> My question is: Does olsrd use the ARP cache in the management of the
> Normally OLSRd does nothing with ARP... but if you use the arprefresh plugin
> OLSRd will automatically setup the arpcache entries for the next hops.
> Henning Rogge
More information about the Olsr-users