Hi, I'm an electronic engineer involved in security and embedded systems and
I have developed an algorithm for secure switching named SAS (Secure
Active Switch) for my MS thesis.
This algorithm has been developed as a plug-in in the bridge module
(kernel 2.6.10) and I have recently made a patch for this version of the
kernel.
SAS works by making several checks at layers 2 and 3 of packets passing through
the bridge (working as a switch) and sending an ARP request from the bridge to the
host that is being attacked by ARP poisoning, to check the real status of
the host.
During this phase the two ports are in a blocking/waiting state and if it
discovers a poisoner it disables the attacker's port for a variable delay
that can be set in the /proc fs (4 seconds by default).
Other researchers and I have tested the algorithm in a small LAN at our
University and it seems to work properly against ARP attacks.
I think that this code must be tested by other people now to discover
possible bugs and receive suggestions.
The code is downloadable at this link:
http://overet.securitydate.it/codes/patch-linux-2.6.10-SASv1.1.diff
Best regards,
Giuseppe Gottardi
----------------------------------------
Giuseppe Gottardi (aka oveRet)
University of Ancona (Italy)
Dept of Electronics AI and Telecommunications
Email: overet(at)securitydate<dot>it, overet(at)spine-group<dot>org
_______________________________________________
Bridge mailing list
https://lists.osdl.org/mailman/listinfo/bridge
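
The decision flow described in the message (conflicting ARP binding, probe of the host that is being impersonated, timed disabling of the offending port), modelled as an added user-space example that is not taken from the SAS patch. The binding table, the verdict names, the `probe_fn` hook and the two constructed probes are assumptions; only the 4-second default comes from the post.

```c
#include <stdint.h>
#include <string.h>
#define MAX_BINDINGS 16
#define MAX_PORTS 8
#define DEFAULT_BLOCK_SECS 4 /* default delay stated in the post */

enum verdict { V_FORWARD, V_LEARNED, V_MOVED, V_POISONER, V_DROP };
struct binding { uint32_t ip; uint8_t mac[6]; int port; };
struct bridge {
    struct binding tab[MAX_BINDINGS];
    int n;
    long blocked_until[MAX_PORTS]; /* time (s) at which each port is re-enabled */
    long block_secs;
};

/* Assumed hook: send an ARP request for ip out of port and return 1 if
 * the host with the previously learned MAC answers. */
typedef int (*probe_fn)(uint32_t ip, const uint8_t *mac, int port);

/* Constructed probes standing in for the real ARP round trip. */
int probe_answers(uint32_t ip, const uint8_t *m, int p) { (void)ip; (void)m; (void)p; return 1; }
int probe_silent(uint32_t ip, const uint8_t *m, int p) { (void)ip; (void)m; (void)p; return 0; }

/* Judge one ARP sender binding (ip, mac) seen on port at time now. */
enum verdict check_arp(struct bridge *br, uint32_t ip, const uint8_t *mac,
                       int port, long now, probe_fn probe)
{
    if (port < 0 || port >= MAX_PORTS || now < br->blocked_until[port])
        return V_DROP; /* invalid or currently disabled port */
    for (int i = 0; i < br->n; i++) {
        struct binding *b = &br->tab[i];
        if (b->ip != ip)
            continue;
        if (b->port == port && memcmp(b->mac, mac, 6) == 0)
            return V_FORWARD; /* matches what was learned earlier */
        if (probe(ip, b->mac, b->port)) { /* known owner is still alive */
            br->blocked_until[port] = now + br->block_secs;
            return V_POISONER;
        }
        memcpy(b->mac, mac, 6); /* owner is gone: accept the new binding */
        b->port = port;
        return V_MOVED;
    }
    if (br->n == MAX_BINDINGS)
        return V_DROP; /* table full: refuse to learn */
    br->tab[br->n].ip = ip;
    memcpy(br->tab[br->n].mac, mac, 6);
    br->tab[br->n++].port = port;
    return V_LEARNED;
}
```

A legitimate host that changes port or NIC is accepted only when the old binding no longer answers the probe, which is the case that separates a move from a poisoning attempt in this model.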