At 04:50 PM 3/9/2009 +0100, Felipe Alfaro Solana wrote:
> On Mon, Mar 9, 2009 at 3:36 PM, irix <i...@ukr.net> wrote:
>> Hello Misc,
>>
>> www.openbsd.org says "Only two remote holes in the default
>> install, in more than 10 years!", this is not true. I am using OpenBSD
>> as a customer, not as an administrator. And my OpenBSD was attacked
>> by a simple MiTM attack in the ARP protocol. How then can we talk about
>> "security by default"?
>> For example, in FreeBSD this is solved very simply, with this patch
>> http://freecap.ru/if_ether.c.patch
>> When this is introduced in OpenBSD, so you can say with confidence
>> that the system is really "Secure by default"?
>
> ARP is insecure by default. If you care, move to IPv6 and use IPSec/SeND.

PMFJI, but isn't the issue simpler than that? If he has a MiTM attack via
arp, doesn't that mean the attacker has access to the local subnet? That
would be a physical security issue FIRST?? Lock the doors before you point
fingers at the OS?
In any case, facts are more useful than FUD & BS.
Lee