ZA is not protecting me against ARP poisoning attack

Discussion in 'other firewalls' started by rOadToIS, Aug 17, 2009.

Thread Status:
Not open for further replies.
  1. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    As you guys know, there is an option called "Enable ARP protection" under the firewall settings. Despite enabling this option, I could still ARP poison my desktop that's in the same network as my laptop and sniff all the packets. How did this happen? Am I the only one experiencing this malfunction of ZA?
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    You will need to give some more detail on how you are doing the ARP poisoning.
     
  3. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    I used Backtrack3 live cd to launch an ARP poisoning attack. Specifically, I used Ettercap that comes with BT3.
    First I scanned for a host and got IPs for my router and my desktop. Then, I added those IPs to each target and enabled ARP poisoning, which was carried out successfully.
     
    Last edited: Aug 18, 2009
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    This should only be possible if someone gains access to the wireless network right?
     
  5. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    So far as I know,none of those brand name firewalls can stop heavy ARP attacks. We already have had a lot of discussion about this topic in WSF.

    There are some Anti-arp tools which are designed to fight ARP attack only though. You may try antiarp,but it requests you to change your homepage if you want to continue to use the product after 15 days trial. Or you may try Kingsoft's antiarp.

    I heard they both did well in ARP attack tests.
     
  6. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    yes, it's only possible once you gain access to the network.
     
  7. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    Thank you for the info.
     
  8. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Alright thanks rOadToIS!
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    Yes, or take control of your ISP :D
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Now I'm really worried! My ISP are run by morons!:D
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    Mhuhuuaah, you are owned :ninja:
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    hell i know my ISP is run by morons... but the customer support is nice at least :D but they havent been taken over (yet...) :)
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    I use another brand name FW, and it does offer protection against ARP attacks.

    I would want to see independent testing results from someone like Stem before accepting that ZA or any main line FW doesn't protect against ARP attacks.

    In the meantime can you provide links to your test results?
     
Loading...
Thread Status:
Not open for further replies.