OPNsense Forum

English Forums => General Discussion => Topic started by: LouieLouie on December 26, 2019, 03:31:05 pm

Title: noob question re Arp spoofing
Post by: LouieLouie on December 26, 2019, 03:31:05 pm

I'm going to google this issue, yet I was hoping that someone here on the forums could give me any tips (or time to explain) what the heck this stuff is about, and more importantly, on how to prevent it on my opnsense implementation.  I would prefer to source my knowledge from here vs the wild web.

Background:  Heard of it, didn't understand it.  Have a work project that discussed arp-spoofing risks, researching it worried me that my home opnsense implementation could be at risk.  I'm vaguely suspicious that the default opnsense configuration is set to block this sort of thing, yet I'd like to know more.

I'll now go read up on this. 

Kind regards to everyone!

Title: Re: noob question re Arp spoofing
Post by: bartjsmit on December 26, 2019, 05:06:51 pm

You counter MITM attacks with e2e encryption which provides proof that you are communicating with the right person. You are not so vulnerable for ARP spoofing in a home setting because the network infrastructure is small and closed.

Decent article: http://www.og150.com/assets/ARP%20Spoofing%20MITM%20Attack,%20Capturing%20Telnet%20Data.pdf

Bart...

Title: Re: noob question re Arp spoofing
Post by: fabian on December 26, 2019, 09:10:05 pm

ARP and NDP spoofing must be countered on the switch in use. Another countermeasure would be a static neighbor cache but currently you cannot configure that on OPNsense. This would only work in networks with static addressing.

Title: Re: noob question re Arp spoofing
Post by: LouieLouie on December 27, 2019, 04:35:11 am

bartjsmit, fabian,  thank you very much.