DD-WRT Forum :: View topic - How to prevent ARP Spoofing ?

Quick Links

Log in

How to prevent ARP Spoofing ?

DD-WRT Forum Forum Index -> Broadcom SoC based Hardware

View previous topic :: View next topic

Author

Message

adscrz
DD-WRT Novice

Joined: 28 Jul 2009
Posts: 17

Posted: Thu Dec 03, 2009 1:43 Post subject: How to prevent ARP Spoofing ?
Hi All: I have a wireless router, the Firmware is DD-WRT v24 (05/24/08) How to prevent ARP spoofing in the DD-WRT ? Thanks.

Sponsor

phuzi0n
DD-WRT Guru

Joined: 10 Oct 2006
Posts: 10075

Posted: Thu Dec 03, 2009 2:25 Post subject:

1) You should read the announcements and upgrade your build.
2) If your intent is to secure wireless then use WPA2 AES encryption. If you want to secure the Ethernet then you're out of luck. There is no direct way to stop it.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting.
Looking for bricks and spare routers to expand my collection.

adscrz
DD-WRT Novice

Joined: 28 Jul 2009
Posts: 17

Posted: Tue Dec 08, 2009 1:02 Post subject:

phuzi0n wrote:

Hi phuzi0n:

Thanks for your reply!
I will upgrade my build.

My local network is 192.160.0.*, only allow some IP
access internet.

Now a guy(unknow) alway try IP in my network,
the result is IP conflict!

Can I use iptables to block that bad guy ?
If the bad guy change the MAC address also,
Does the iptables can still work ?

thanks.

phuzi0n
DD-WRT Guru

Joined: 10 Oct 2006
Posts: 10075

Posted: Tue Dec 08, 2009 1:11 Post subject:
You didn't provide any information but want more answers... Are you trying to secure the wireless or the ethernet? _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced. Available for paid consulting. Looking for bricks and spare routers to expand my collection.

adscrz
DD-WRT Novice

Joined: 28 Jul 2009
Posts: 17

Posted: Tue Dec 08, 2009 2:32 Post subject:

Are you trying to secure the wireless or the ethernet?

I want to secure the ethernet.

In my DD-WRT, current firewall is below:
****************************************
iptables -t nat -F POSTROUTING

#DHCP ,DNS , NTP
iptables -t nat -A PREROUTING -p udp --dport 67 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p udp --dport 53 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -p udp --dport 53 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p udp --dport 123 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -p udp --dport 123 -j MASQUERADE

#Allow IP:
iptables -t nat -A PREROUTING -s 192.168.0.1/32 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.1/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.0.2/32 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.2/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.12/32 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.12/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE

#Drop anything
iptables -t nat -A PREROUTING -j DROP

Thanks for your patient

phuzi0n
DD-WRT Guru

Joined: 10 Oct 2006
Posts: 10075

Posted: Tue Dec 08, 2009 3:00 Post subject:

adscrz wrote:

I want to secure the ethernet.

That is an extremely difficult task that I'm not going to get into...
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting.
Looking for bricks and spare routers to expand my collection.

foamcup
DD-WRT Novice

Joined: 02 Jun 2008
Posts: 24

Posted: Tue Dec 08, 2009 4:41 Post subject:
I use a locked door and a Remington 1100 to secure my Ethernet.

Masterman
DD-WRT Guru

Joined: 24 Aug 2009
Posts: 2039
Location: South Florida

Posted: Tue Dec 08, 2009 5:40 Post subject:

foamcup wrote:

I use a locked door and a Remington 1100 to secure my Ethernet. Laughing

I prefer my S&W M&P .357 sig w/ Trijicons, and if that doesn't work I'll break out the match loaded M1A with 30 rounds of .308. Laughing

_________________
Optware, the Right Way
Asus WL520gU
Asus WL500gPv2 x2
Asus WL500W
Asus RT-N10
Asus RT-N12
Asus RT-N16 x3
D-Link DIR-825B
Linksys WRT320Nv1
Linksys WRT600Nv1.1
Linksys WRT610Nv1
Linksys E2000
Netgear WNDR3300
TP-Link WR1043ND

ThaCrip
DD-WRT User

Joined: 05 May 2008
Posts: 265

Posted: Tue Dec 08, 2009 7:00 Post subject:

Masterman wrote:

foamcup wrote:

I use a locked door and a Remington 1100 to secure my Ethernet. Laughing

I prefer my S&W M&P .357 sig w/ Trijicons, and if that doesn't work...

...you will probably be dead, so it won't even matter. lol
_________________
Linksys WRT54GS v6 Router /w DD-WRT v24-12548_NEWD_micro (not at my house any more (@ sisters house))

Belkin F5D7230-4 v1444 Router /w DD-WRT v24-12548_NEWD_micro-plus (mostly used in 'client bridge' mode to connect to my primary router from time to time to stream video from PC to XBox1 running XBMC)

Asus WL-520gu Router /w DD-WRT v24-15230_NEWD_mini_usb_ftp (my primary router/internet connection setup as AP connected to DSL modem with PPPoE on router)

Linksys WRT54GS v1.1 /w DD-WRT v24-13491_VINT_mega (currently not in use)

_201109072
DD-WRT Novice

Joined: 06 Sep 2011
Posts: 38

Posted: Sun Jan 01, 2012 16:36 Post subject:
We are discussing this problem here: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=145491

Display posts from previous:

Page 1 of 1

DD-WRT Forum Forum Index -> Broadcom SoC based Hardware

All times are GMT

Navigation

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum