- Get link
- X
- Other Apps
What is ARP Spoofing / Poisoning?
ARP Spoofing is network hacking with sending falsified ARP (Address Resolution Protocol) messages over a local area network. Once attackers MAC address is linking with target's IP address, attacker will begins receiving all packet data is intended with victim IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in-transit. ARP spoofing attacks can only occur on local area networks that utilize the Address.
How Do We Prevent ARP Spoofing?
Have you ever heard about NetCut? Yes, that application is one of attacking application using ARP Spoofing method. We can prevent it using Mikrotik router as a firewall in our network. First step, you have to :- Set IP address lease time into 1 day and check Add ARP For Leases in IP -> DHCP Server - DHCP.
2. Set your netmask into /32 in IP -> DHCP Server - Networks.3. Last configuration, but this is not recommended because you as a network administrator will have difficulty to find the problem if you have any trouble in your network. Because with this configuration, ICMP packet will be disallowed in firewall rules except you desperate with attackers.
/ip firewall filter add action=accept chain=input comment="default configuration \
anti netcut, defaultnya accept)" disabled=no protocol=icmp
thank you :)
ReplyDeletekayaknya ada yg kurang script-nya
ReplyDelete