On Mon, Mar 9, 2009 at 1:11 PM, irix <i...@ukr.net> wrote: > Hello Misc, > > How to protect your server from such attacks without the use of static arp > entries? > By freebsd 5.0 patch was written arp_antidote ( > http://freecap.ru/if_ether.c.patch), > somebody could port it on openbsd? > > Also, in freebsd it is possible to specify a flag through the ifconfig > on the interface "staticarp", while "If the Address Resolution Protocol is > enabled, > the host will only reply to requests for its addresses, and will never send > anyrequests." > May you made this flag in openbsd ?
ARP is insecure, no matter how many patches you apply or how many hacks you try. If you want something more secure, use 802.1X, use security on the switch, use IPv6+IPSec/SeND, etc.
