Fri, 10 Mar 2006 Wireless Network Anti-spoofing

One trick I learned at LCA this year was explained by the guys who set up the wireless network. They blocked all ARP packets, and served all ARP replies themselves, based on the DHCP leases file. This makes it much harder to pretend to be another machine on the network, as you cannot lie about your ARP (you can still set your MAC address to someone else's, and fight with them). You can still be an Access Point and "serve" people yourself, but it's a start.
[/tech] permanent link