
ARPPD – Script to Block Malicious ARP Packets in MITM Attack - Prodicode
https://github.com/Prodicode/ARPPD
======
badrabbit
Nice work. I can use this.

This may be obvious to security minded folks but there are layer 2 and layer 3
features you can use to eliminate entire classes of layer 2 attacks.

For layer 2, macsec (now with iproute2 support) can be used to encrypt layer 2
traffic which means arp poisoning and other mitm won't work without knowing
the key. Also, you can just turn off arp if that is practical in your network
(or segregate using an arpless vlan).

Layer 3 - use a vpn tunnel and on the end host allow traffic only to the vpn
gateway (which can be your local router).

That said, it isn't practical to implement any of that if you have byod, smart
phones and iot in the network. I want to encourage the author to port it to
android and other platforms that make it difficult to implement vpns and
macsec.

Edit: also, hate to be that guy but I wish it wasn't in C.

~~~
Prodicode
I've written it in C because I wanted it to be reliable since it has to run in
the background :).

Also, I am aware of other methods of avoiding MITM attacks, but I wanted to
write a script to completely block ARP Poisoning attacks, without using any
encryption, since some protocols/websites don't use an encrypted connection.

In the end, thanks for your tip. I will work on implementing this on android.
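The core of a tool like the one discussed here is a filter that parses each ARP reply and compares the sender's IP-to-MAC binding against what has already been learned. The following is an added example written for this thread, not code from the ARPPD repository; the frame layout follows RFC 826 over Ethernet, the verdict names, the fixed-size table, the `arp_inspect` and `build_arp_reply` functions, and the MAC/IP values in `main` are all constructed for illustration. Once an IP has been bound to a MAC, any later reply claiming that IP from a different MAC (the signature of ARP poisoning) is returned as a conflict so the caller can drop it and alert.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN      14      /* dst MAC(6) + src MAC(6) + ethertype(2) */
#define ARP_LEN       28      /* IPv4-over-Ethernet ARP body, RFC 826 */
#define ETHERTYPE_ARP 0x0806
#define ARP_OP_REPLY  2
#define TABLE_SIZE    64      /* constructed limit for this example */

enum arp_verdict {
    ARP_IGNORE = 0,  /* not an ARP reply: pass through untouched */
    ARP_MALFORMED,   /* too short or wrong hw/proto fields: drop */
    ARP_LEARNED,     /* first binding seen for this IP: record it */
    ARP_KNOWN,       /* matches the recorded binding: allow */
    ARP_CONFLICT     /* sender MAC differs from the recorded one: drop and alert */
};

struct arp_entry { int used; uint32_t ip; uint8_t mac[6]; };
static struct arp_entry table[TABLE_SIZE];

/* Big-endian field helpers (network byte order). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

void arp_table_reset(void) { memset(table, 0, sizeof table); }

/* Inspect one Ethernet frame. Learns the first sender IP->MAC binding per IP and
 * flags any later ARP reply whose sender MAC differs from the learned one. */
enum arp_verdict arp_inspect(const uint8_t *frame, size_t len) {
    if (len < ETH_HLEN + ARP_LEN) return ARP_MALFORMED;
    if (rd16(frame + 12) != ETHERTYPE_ARP) return ARP_IGNORE;
    const uint8_t *arp = frame + ETH_HLEN;
    /* htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4 */
    if (rd16(arp) != 1 || rd16(arp + 2) != 0x0800 || arp[4] != 6 || arp[5] != 4)
        return ARP_MALFORMED;
    if (rd16(arp + 6) != ARP_OP_REPLY) return ARP_IGNORE;
    const uint8_t *sha = arp + 8;      /* sender hardware address */
    uint32_t spa = rd32(arp + 14);     /* sender protocol (IPv4) address */
    /* The ARP sender MAC should equal the Ethernet source MAC; a mismatch is forged. */
    if (memcmp(sha, frame + 6, 6) != 0) return ARP_CONFLICT;
    int free_slot = -1;
    for (int i = 0; i < TABLE_SIZE; i++) {
        if (!table[i].used) { if (free_slot < 0) free_slot = i; continue; }
        if (table[i].ip == spa)
            return memcmp(table[i].mac, sha, 6) == 0 ? ARP_KNOWN : ARP_CONFLICT;
    }
    if (free_slot < 0) return ARP_CONFLICT;   /* table full: fail closed */
    table[free_slot].used = 1;
    table[free_slot].ip = spa;
    memcpy(table[free_slot].mac, sha, 6);
    return ARP_LEARNED;
}

/* Build a well-formed Ethernet+ARP reply (constructed input for the demo, not captured traffic). */
size_t build_arp_reply(uint8_t *buf, const uint8_t *src_mac, uint32_t src_ip,
                       const uint8_t *dst_mac, uint32_t dst_ip) {
    memcpy(buf, dst_mac, 6); memcpy(buf + 6, src_mac, 6); wr16(buf + 12, ETHERTYPE_ARP);
    uint8_t *arp = buf + ETH_HLEN;
    wr16(arp, 1); wr16(arp + 2, 0x0800); arp[4] = 6; arp[5] = 4; wr16(arp + 6, ARP_OP_REPLY);
    memcpy(arp + 8, src_mac, 6);  wr32(arp + 14, src_ip);
    memcpy(arp + 18, dst_mac, 6); wr32(arp + 24, dst_ip);
    return ETH_HLEN + ARP_LEN;
}

int main(void) {
    /* Constructed addresses: gateway 192.168.1.1, host 192.168.1.10, and a second MAC
     * that later claims the gateway's IP. */
    static const uint8_t gw_mac[6]    = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    static const uint8_t host_mac[6]  = {0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee};
    static const uint8_t other_mac[6] = {0xde, 0xad, 0xbe, 0xef, 0x00, 0x01};
    const uint32_t gw_ip = 0xC0A80101u, host_ip = 0xC0A8010Au;
    uint8_t f[ETH_HLEN + ARP_LEN];
    size_t n;
    arp_table_reset();
    n = build_arp_reply(f, gw_mac, gw_ip, host_mac, host_ip);
    printf("first gateway reply   -> verdict %d (expect %d LEARNED)\n", arp_inspect(f, n), ARP_LEARNED);
    printf("repeat gateway reply  -> verdict %d (expect %d KNOWN)\n",   arp_inspect(f, n), ARP_KNOWN);
    n = build_arp_reply(f, other_mac, gw_ip, host_mac, host_ip);
    printf("other MAC claims gw   -> verdict %d (expect %d CONFLICT)\n", arp_inspect(f, n), ARP_CONFLICT);
    return 0;
}
```

In a real daemon the frames would come from a raw socket and a conflict verdict would translate into a firewall drop plus a log line; the table here deliberately never overwrites a learned binding, so a legitimate MAC change (a replaced router) needs an explicit reset, which is the usual trade-off for a static-binding defence.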

~~~
badrabbit
I wouldn't have said anything if it wasn't a security tool. The tool keeping
you safe shouldn't add risk (all the bug classes commonly found in C programs)
to your security posture. You can write reliable programs in golang and rust.

I only mentioned other ways of avoiding mitm to inform readers. Your program
fills a lot of gaps.

One last tip - have you thought of supporting IPv6 ND and RA messages too?
Those technically deprecate arp :(

