On 2009-03-09, irix <i...@ukr.net> wrote: > Hello Misc, > > On Mon, Mar 9, 2009 at 1:11 PM, irix <i...@ukr.net> wrote: > > >>ARP is insecure, no matter how many patches you apply or how many hacks you >>try. If you want something more secure, use 802.1X, use security on the >>switch, use IPv6+IPSec/SeND, etc. > > Sorry, if I been rude. I not administartor of network, i am client. > And other client use MiTM. This network is use unmanaged switches, and > ISP spit on it. That's why i try to find out to protect my > workstation from MiTM, with out static arp entry. What would have been > easy and transparent. Variant with the patch, I think the simplest and > most effective. I am simply customer, and i try to find most simple > solution. > >
You can set static entries in the ARP tables with arp(8), see the -f option with the "permanent" option. This is not security against spoofed MAC addresses. And I bet the management firmware on some NICs can be made to do really nasty things by an attacker with access to layer 2. If the network admins are unwilling to clean up their network, you should take your custom elsewhere.
