How to prevent ARP Spoofing ?

Author Message
adscrz
DD-WRT Novice


Joined: 28 Jul 2009
Posts: 17

Posted: Thu Dec 03, 2009 1:43    Post subject: How to prevent ARP Spoofing ?
Hi All:

I have a wireless router; the firmware is DD-WRT v24 (05/24/08).

How can I prevent ARP spoofing in DD-WRT?

Thanks.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Thu Dec 03, 2009 2:25
1) You should read the announcements and upgrade your build.
2) If your intent is to secure wireless then use WPA2 AES encryption. If you want to secure the Ethernet then you're out of luck. There is no direct way to stop it.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
adscrz
DD-WRT Novice


Joined: 28 Jul 2009
Posts: 17

Posted: Tue Dec 08, 2009 1:02
phuzi0n wrote:
1) You should read the announcements and upgrade your build.
2) If your intent is to secure wireless then use WPA2 AES encryption. If you want to secure the Ethernet then you're out of luck. There is no direct way to stop it.


Hi phuzi0n:

Thanks for your reply!
I will upgrade my build.

My local network is 192.160.0.*, and only some IPs are allowed
to access the internet.

Now a guy (unknown) always tries IPs in my network;
the result is an IP conflict!

Can I use iptables to block that bad guy?
If the bad guy changes the MAC address as well,
will iptables still work?

thanks.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Tue Dec 08, 2009 1:11
You didn't provide any information but want more answers... Are you trying to secure the wireless or the ethernet?
adscrz
DD-WRT Novice


Joined: 28 Jul 2009
Posts: 17

Posted: Tue Dec 08, 2009 2:32
phuzi0n wrote:
Are you trying to secure the wireless or the ethernet?

I want to secure the ethernet.

In my DD-WRT, the current firewall is below:
****************************************
iptables -t nat -F POSTROUTING

# DHCP, DNS, NTP
iptables -t nat -A PREROUTING -p udp --dport 67 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p udp --dport 53 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -p udp --dport 53 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p udp --dport 123 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -p udp --dport 123 -j MASQUERADE

#Allow IP:
iptables -t nat -A PREROUTING -s 192.168.0.1/32 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.1/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.0.2/32 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.2/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.12/32 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.12/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE

#Drop anything
iptables -t nat -A PREROUTING -j DROP

Thanks for your patience.
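
An added example, not part of any post in this thread: a POSIX sh check that compares an ARP table in `/proc/net/arp` format against expected IP-to-MAC bindings and reports an allowed IP answered by an unexpected MAC, or one MAC claiming several IPs. The IPs come from the allow list above; the MAC addresses, the `br0` interface name and the sample table are constructed, and `check_arp` is a hypothetical helper name.

```shell
#!/bin/sh
# Expected IP -> MAC bindings. IPs are from the thread's allow list;
# the MAC addresses are constructed placeholders.
BINDINGS='192.168.0.2 00:11:22:33:44:02
192.168.0.12 00:11:22:33:44:0c'

# Constructed snapshot in /proc/net/arp format (not captured from a real router).
SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
192.168.0.2      0x1         0x2         00:11:22:33:44:02     *        br0
192.168.0.12     0x1         0x2         de:ad:be:ef:00:01     *        br0
192.168.0.50     0x1         0x2         de:ad:be:ef:00:01     *        br0
192.168.0.77     0x1         0x0         00:00:00:00:00:00     *        br0'

# check_arp BINDINGS ARP_TABLE
# Prints one line per finding:
#   MISMATCH: a bound IP is currently answered by a different MAC
#   SHARED:   one MAC appears for more than one IP (worth a look; a host
#             with several addresses can also cause this)
check_arp() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { table = 1; next }       # separator: bindings end here
        !table { if (NF >= 2) want[$1] = tolower($2); next }
        $1 == "IP"  { next }                  # column header line
        $3 == "0x0" { next }                  # incomplete entry, no MAC learned
        {
            ip = $1; mac = tolower($4)
            if (ip in want && want[ip] != mac)
                print "MISMATCH " ip " expected " want[ip] " saw " mac
            if (mac in owner && owner[mac] != ip)
                print "SHARED " mac " claims " owner[mac] " and " ip
            else
                owner[mac] = ip
        }'
}

# Run against the constructed sample. On a router, pass the live table
# instead: check_arp "$BINDINGS" "$(cat /proc/net/arp)"
check_arp "$BINDINGS" "$SAMPLE_ARP"
```

This only detects a conflicting claim in the router's own ARP cache; it does not stop hosts on the same Ethernet segment from being misled.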
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Tue Dec 08, 2009 3:00
adscrz wrote:
I want to secure the ethernet.

That is an extremely difficult task that I'm not going to get into...

foamcup
DD-WRT Novice


Joined: 02 Jun 2008
Posts: 24

Posted: Tue Dec 08, 2009 4:41
I use a locked door and a Remington 1100 to secure my Ethernet. Laughing
Masterman
DD-WRT Guru


Joined: 24 Aug 2009
Posts: 2070
Location: South Florida

Posted: Tue Dec 08, 2009 5:40
foamcup wrote:
I use a locked door and a Remington 1100 to secure my Ethernet. Laughing


I prefer my S&W M&P .357 sig w/ Trijicons, and if that doesn't work I'll break out the match loaded M1A with 30 rounds of .308. Laughing

_________________
Optware, the Right Way
Asus RT-AC68U
Asus RT-N66U
Asus RT-N10
Asus RT-N12
Asus RT-N16 x5
Asus WL520gU
Engenious ECB350
Linksys WRT600Nv1.1
Linksys WRT610Nv1
Linksys E2000
Netgear WNDR3300
SonicWall NSA220W
SonicWall TZ215W
SonicWall TZ205W
SonicWall TZ105W
ThaCrip
DD-WRT User


Joined: 05 May 2008
Posts: 338

Posted: Tue Dec 08, 2009 7:00
Masterman wrote:
foamcup wrote:
I use a locked door and a Remington 1100 to secure my Ethernet. Laughing


I prefer my S&W M&P .357 sig w/ Trijicons, and if that doesn't work...


...you will probably be dead, so it won't even matter. lol

_________________
Primary Router: Linksys WRT54GS v1.1 /w dd-wrt.v24_mini_generic (r46640 May 13th 2021) ; new Panasonic capacitors Feb 11th 2020 | Backup Router: Linksys WRT54GS v6 /w dd-wrt.v24_micro_generic (r46640 May 13th 2021)




Joined: 01 Jan 1970
Posts:

Posted: Sun Jan 01, 2012 16:36
We are discussing this problem here:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=145491
All times are GMT