lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 3 Aug 2008 00:40:22 +0200
From: Andrea Di Pasquale <spikey.it@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: ArpON detects and blocks Arp Poisoning/Spoofing
	attacks

Hi,
My name is Andrea Di Pasquale and I study at Secondary High School  
"S. Quasimodo"
in Catania, Italy.

Some time ago I released a research project related to the security  
of the
address resolution protocol Arp, the project name being Arpon (Arp  
handler
inspection).

Arpon makes the protocol secure without recurring to algorythms, SSL or
any other technology which is not part of the standard protocol.
Arpon is a daemon based on the Arp handling mechanism in kernel space  
that
uses different policies either in static environments (Static Arp  
Inspection
algorythm), or in DHCP dynamic ones (Dynamic Arp Inspection algorythm).
Arpon is written as a user space tool so it can work on posix platforms:
infact it is extensively tested on platform such as Max OS X,  
FreeBSD, OpenBSD,
NetBSD and Linux.

Today I suggest you to have a look at the project, because I think it  
has
great potentiality, the only competitor on the market being Cisco's DAI
on Catalyst 4500 devices (which uses DHCP to securify ARP; Arpon just  
uses
the standard kspace protocol implementation instead).

Furthermore, Arpon is Open Source software.

Links:

http://arpon.sourceforge.net/
http://arpon.sourceforge.net/documentation.html
http://arpon.svn.sourceforge.net/viewvc/arpon/

Thanks for the attention, I hope in your interest.
Cordially,
Andrea.
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists