ARP spoofing countermeasure using static ARP

  August 23, 2008

    A lot of bad things can happen if someone successfully poisons the ARP table of a machine on your network. How do you prevent the effects of someone attempting to poison an ARP table?

    One way to prevent the ill effects of this behavior is to create static ARP table entries for all of the devices on your local network segment. When this is done, the kernel will ignore all ARP responses for the specific IP address used in the entry and use the specified MAC address instead.

    You can create static entries with the arp command, which allows you to directly manipulate the kernel’s ARP table entries. To add a single static ARP table entry, run this command:

    UNIX> arp -s ipaddr macaddr

    For example, if you know that the MAC address that corresponds to is 00:48:ba:85:85:ca, you could add a static ARP entry for it like this:

    UNIX> arp -s 00:48:ba:85:85:ca
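As an added example (not from the original post), the following POSIX shell script keeps the expected IP-to-MAC list for a segment in one place, reports any entry in the host's ARP cache that disagrees with it, and prints the `arp -s` commands that would pin each entry. The address pairs and the `arp -an` output are constructed for the example and assume the Linux `arp -an` line format.

```shell
#!/bin/sh
# Expected IP -> MAC pairs for the local segment (constructed sample values).
EXPECTED='192.168.1.1 00:48:ba:85:85:ca
192.168.1.20 00:11:22:33:44:55'

# Constructed `arp -an` output in Linux format. The gateway line carries a
# MAC that differs from the expected one, which is what a poisoned cache shows.
ARP_POISONED='? (192.168.1.1) at de:ad:be:ef:00:01 [ether] on eth0
? (192.168.1.20) at 00:11:22:33:44:55 [ether] on eth0'

# The same cache with every entry matching the expected list.
ARP_CLEAN='? (192.168.1.1) at 00:48:ba:85:85:ca [ether] on eth0
? (192.168.1.20) at 00:11:22:33:44:55 [ether] on eth0'

# arp_check EXPECTED ARP_OUTPUT
# Prints "ip expected_mac observed_mac" for every entry whose cached MAC
# differs from the expected one (or is absent); returns 1 if any differ.
arp_check() {
    expected=$1; observed=$2; bad=0
    while read -r ip mac; do
        [ -n "$ip" ] || continue
        # Field 2 of an arp -an line is "(ip)", field 4 is the cached MAC.
        seen=$(printf '%s\n' "$observed" |
               awk -v ip="$ip" '$2 == ("(" ip ")") { print $4 }')
        [ -n "$seen" ] || seen=missing
        if [ "$seen" != "$mac" ]; then
            printf '%s %s %s\n' "$ip" "$mac" "$seen"
            bad=1
        fi
    done <<EOF
$expected
EOF
    return $bad
}

# arp_pin_commands EXPECTED
# Emits one "arp -s ip mac" line per expected entry. Review the output, then
# pipe it to sh as root to install the static entries on this host.
arp_pin_commands() {
    printf '%s\n' "$1" | awk 'NF == 2 { print "arp -s " $1 " " $2 }'
}

# Usage: sh this_script.sh live  -> compare the live cache and, on any
# mismatch, print the pinning commands instead of applying them.
if [ "${1:-}" = live ]; then
    arp_check "$EXPECTED" "$(arp -an)" || arp_pin_commands "$EXPECTED"
fi
```

Static entries must be re-pinned whenever a device's network card changes, so keep the expected list under change control and re-run the check after any hardware swap.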
