On Mon, 9 Mar 2009 16:54:27 +0100, "Felipe Alfaro Solana" <felipe.alf...@gmail.com> said: > On Mon, Mar 9, 2009 at 1:11 PM, irix <i...@ukr.net> wrote: > > > Hello Misc, > > > > How to protect your server from such attacks without the use of static arp > > entries? > > By freebsd 5.0 patch was written arp_antidote ( > > http://freecap.ru/if_ether.c.patch), > > somebody could port it on openbsd? > > > > Also, in freebsd it is possible to specify a flag through the ifconfig > > on the interface "staticarp", while "If the Address Resolution Protocol is > > enabled, > > the host will only reply to requests for its addresses, and will never send > > anyrequests." > > May you made this flag in openbsd ? > > > ARP is insecure, no matter how many patches you apply or how many hacks > you > try. If you want something more secure, use 802.1X, use security on the > switch, use IPv6+IPSec/SeND, etc.
ARP was designed by Nazis. So, die now thread. DIE DIE