How to prevent ARP Spoofing ?

adscrz
DD-WRT Novice


Joined: 28 Jul 2009
Posts: 17

Posted: Thu Dec 03, 2009 1:43    Post subject: How to prevent ARP Spoofing ?
Hi All:

I have a wireless router; the firmware is DD-WRT v24 (05/24/08).

How can I prevent ARP spoofing in DD-WRT?

Thanks.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

Posted: Thu Dec 03, 2009 2:25
1) You should read the announcements and upgrade your build.
2) If your intent is to secure wireless then use WPA2 AES encryption. If you want to secure the Ethernet then you're out of luck. There is no direct way to stop it.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
adscrz
DD-WRT Novice


Joined: 28 Jul 2009
Posts: 17

Posted: Tue Dec 08, 2009 1:02
phuzi0n wrote:
1) You should read the announcements and upgrade your build.
2) If your intent is to secure wireless then use WPA2 AES encryption. If you want to secure the Ethernet then you're out of luck. There is no direct way to stop it.


Hi phuzi0n:

Thanks for your reply!
I will upgrade my build.

My local network is 192.160.0.*, and only some IPs are allowed
to access the internet.

Now an (unknown) guy always tries IPs in my network;
the result is an IP conflict!

Can I use iptables to block that bad guy?
If the bad guy also changes the MAC address,
can iptables still work?

thanks.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

Posted: Tue Dec 08, 2009 1:11
You didn't provide any information but want more answers... Are you trying to secure the wireless or the ethernet?
adscrz
DD-WRT Novice


Joined: 28 Jul 2009
Posts: 17

Posted: Tue Dec 08, 2009 2:32
Are you trying to secure the wireless or the ethernet?

I want to secure the ethernet.

In my DD-WRT, the current firewall is below:
****************************************
iptables -t nat -F POSTROUTING

#DHCP ,DNS , NTP
iptables -t nat -A PREROUTING -p udp --dport 67 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p udp --dport 53 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -p udp --dport 53 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p udp --dport 123 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -p udp --dport 123 -j MASQUERADE

#Allow IP:
iptables -t nat -A PREROUTING -s 192.168.0.1/32 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.1/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.0.2/32 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.2/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.12/32 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.12/32 -d 0.0.0.0/0.0.0.0 -j MASQUERADE

#Drop anything
iptables -t nat -A PREROUTING -j DROP

Thanks for your patience.
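
A router-side check for the IP conflict situation described in the post above, as an added example that is not part of the thread: it compares an ARP table in /proc/net/arp layout with the IP-to-MAC pairs you expect and reports allowed IPs that answer from another MAC, and MACs that hold several IPs. The MAC addresses, the `br0` interface name and the function name `arp_report` are assumptions; the script detects the condition, it does not block it.

```shell
#!/bin/sh
# Added example (not from the thread): compare an ARP table snapshot with the
# IP -> MAC pairs you expect. All addresses below are constructed sample data.

# Expected pairs for the three allowed hosts (hypothetical MACs).
KNOWN='192.168.0.1 00:11:22:33:44:01
192.168.0.2 00:11:22:33:44:02
192.168.0.12 00:11:22:33:44:0c'

# Constructed snapshot in /proc/net/arp layout; on the router use:
#   arp_report "$KNOWN" "$(cat /proc/net/arp)"
SAMPLE='IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         00:11:22:33:44:01     *        br0
192.168.0.2      0x1         0x2         DE:AD:BE:EF:00:99     *        br0
192.168.0.12     0x1         0x2         00:11:22:33:44:0C     *        br0
192.168.0.50     0x1         0x2         de:ad:be:ef:00:99     *        br0
192.168.0.77     0x1         0x0         00:00:00:00:00:00     *        br0'

# arp_report KNOWN_PAIRS ARP_TEXT
# Prints one line per finding:
#   MISMATCH ip expected seen   - an allowed IP answers from an unexpected MAC
#   SHARED mac ip ip...         - one MAC currently holds several IPs
arp_report() {
    printf '%s\n' "$2" | KNOWN_PAIRS="$1" awk '
        BEGIN {
            n = split(ENVIRON["KNOWN_PAIRS"], row, "\n")
            for (i = 1; i <= n; i++)
                if (split(row[i], f, " ") == 2) want[f[1]] = tolower(f[2])
        }
        NR == 1 || $3 == "0x0" { next }        # header, incomplete entries
        {
            mac = tolower($4)                    # compare case-insensitively
            if (($1 in want) && want[$1] != mac)
                print "MISMATCH", $1, want[$1], mac
            if (!(mac in ips)) order[++m] = mac  # remember first-seen order
            ips[mac] = ips[mac] " " $1
            cnt[mac]++
        }
        END {
            for (i = 1; i <= m; i++)
                if (cnt[order[i]] > 1) print "SHARED", order[i] ips[order[i]]
        }'
}

arp_report "$KNOWN" "$SAMPLE"
```
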
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

Posted: Tue Dec 08, 2009 3:00
adscrz wrote:
I want to secure the ethernet.

That is an extremely difficult task that I'm not going to get into...

foamcup
DD-WRT Novice


Joined: 02 Jun 2008
Posts: 24

Posted: Tue Dec 08, 2009 4:41
I use a locked door and a Remington 1100 to secure my Ethernet. Laughing
Masterman
DD-WRT Guru


Joined: 24 Aug 2009
Posts: 2057
Location: South Florida

Posted: Tue Dec 08, 2009 5:40
foamcup wrote:
I use a locked door and a Remington 1100 to secure my Ethernet. Laughing


I prefer my S&W M&P .357 sig w/ Trijicons, and if that doesn't work I'll break out the match loaded M1A with 30 rounds of .308. Laughing

_________________
Optware, the Right Way
Asus WL520gU
Asus WL500gPv2 x2
Asus WL500W
Asus RT-N10
Asus RT-N12
Asus RT-N16 x3
D-Link DIR-825B
Linksys WRT320Nv1
Linksys WRT600Nv1.1
Linksys WRT610Nv1
Linksys E2000
Netgear WNDR3300
TP-Link WR1043ND
ThaCrip
DD-WRT User


Joined: 05 May 2008
Posts: 265

Posted: Tue Dec 08, 2009 7:00
Masterman wrote:
foamcup wrote:
I use a locked door and a Remington 1100 to secure my Ethernet. Laughing


I prefer my S&W M&P .357 sig w/ Trijicons, and if that doesn't work...


...you will probably be dead, so it won't even matter. lol

_________________
Linksys WRT54GS v6 Router /w DD-WRT v24-12548_NEWD_micro (not at my house any more (@ sisters house))

Belkin F5D7230-4 v1444 Router /w DD-WRT v24-12548_NEWD_micro-plus (mostly used in 'client bridge' mode to connect to my primary router from time to time to stream video from PC to XBox1 running XBMC)

Asus WL-520gu Router /w DD-WRT v24-15230_NEWD_mini_usb_ftp (my primary router/internet connection setup as AP connected to DSL modem with PPPoE on router)

Linksys WRT54GS v1.1 /w DD-WRT v24-13491_VINT_mega (currently not in use)
_201109072
DD-WRT Novice


Joined: 06 Sep 2011
Posts: 38

Posted: Sun Jan 01, 2012 16:36
We are discussing this problem here:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=145491