We are here with you hands in hands to facilitate your learning & don't appreciate the idea of copying or replicating solutions. Read More>>

Looking For Something at vustudents.ning.com? Click Here to Search

www.bit.ly/vucodes

+ Link For Assignments, GDBs & Online Quizzes Solution

www.bit.ly/papersvu

+ Link For Past Papers, Solved MCQs, Short Notes & More


Dear Students! Share your Assignments / GDBs / Quizzes files as you receive in your LMS, So it can be discussed/solved timely. Add Discussion

How to Add New Discussion in Study Group ? Step By Step Guide Click Here.

When you are on lan its very easy to sniff you traffic which can be using ARP poising in case of switch and even more easy in case of hub!!!!!!!!!

 

To prevent it use HTTPS instead of simple HTTP.....

Now What HTTPS does for us is that it encrypts our data between our pc and server all through.

By this way sniffers will only get you URL not username and password.

Because using HTTP, your username and password is sent flat on lan i mean it can be read very easily.

For example:

don't use : http://www.facebook.com/

USE: HTTPS://www.facebook.com

 

Not every site support HTTPS.

So what if not every site support HTTPS then what to do... Then search for free VPN service!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

If you are using FireFox then it has a plugin named "HTTPS every were" it will convert every http url to https if it is present.


To check if you are being arp poisoned use "arp -a"(Run>Cmd) it will show arp table to analysis it you must know MAC of you switch if it is change with other than original switch MAC then you had been victim of this vulnerability. 

+ How to Follow the New Added Discussions at Your Mail Address?

+ How to Join Subject Study Groups & Get Helping Material?

+ How to become Top Reputation, Angels, Intellectual, Featured Members & Moderators?

+ VU Students Reserves The Right to Delete Your Profile, If?


See Your Saved Posts Timeline

Views: 118

.

+ http://bit.ly/vucodes (Link for Assignments, GDBs & Online Quizzes Solution)

+ http://bit.ly/papersvu (Link for Past Papers, Solved MCQs, Short Notes & More)

+ Click Here to Search (Looking For something at vustudents.ning.com?)

+ Click Here To Join (Our facebook study Group)

Comment

You need to be a member of Virtual University of Pakistan to add comments!

Join Virtual University of Pakistan

Comment by Abdul Qayyum on November 11, 2011 at 10:16pm

@ Muhammad Ammar.

Keeping in view the context and audience of your post, I safely conclude that the question relates to switch and not layer 2, 3 or higher layer devices or something of that sort. Of course, even a layer 2 switch if "managed", does have a mac address associated with it for SNMP, telnet and web-based management but thats not the point here. The point is... we commonly use least expensive "unmanaged" switches in our LANs. These switches do not provide any configuration/management interface and therefore, have no reason to have their own mac addresses.

if you do not agree with this, you should describe the procedure to determine the mac address of these common switches.

Comment by Muhammad Ammar on November 11, 2011 at 11:35am

@Qazi Wasim Shahbaz:...........You are well equipped with inof... My brother only Hubs don't have mac; only devices working on layer 2 and 3 (possibly above) have MAC address. yes it can be router also. And if attacker has spoofed his/her MAC then one need little more intelligence............

Comment by Abdul Qayyum on November 10, 2011 at 6:36pm

Https is around for the past 15 years or so, still many websites does not support it. Possible reasons are:

1. Https does not work with virtual hosts. Virtual hosts allow a Web host to serve many websites on a single physical server. In other words, with virtual hosts, a web host can host hundreds of websites over a single server having a single IP address.

2. Https does not support cache.

3. Web developers have to pay for secure certificates.

And now about the benefits, a VU student can derive from Https. Vulms does not have a trusted certificate and if you use try to log on vulms page with https prefix in its url, your browser displays a frightening warning message. Anyway, even if you choose to proceed, you never get the log in interface. Now what is that supposed to mean? Does it mean we are doomed or we just need alternate solutions to fight ARP poisoning and consequential man-in-the-middle attacks?

Well, VU student can benefit from https services of gmail. Here are the urls:

https://www.google.com/a/vu.edu.pk

https://mail.google.com/a/vu.edu.pk

Besides, large web services like yahoo, twitter etc. do have https support because they are immune to the above problems related with https.

Final words to the poster, what makes you think that a switch does have a mac address? I think you have mistakenly typed "switch" in the last line of your post, instead of "router".

Latest Activity

© 2020   Created by +M.Tariq Malik.   Powered by

Promote Us  |  Report an Issue  |  Privacy Policy  |  Terms of Service

.