ARP Spoofing

TriageTrader

Newbie
Messages
8
Likes
0
Recently, I was a "victim" of ARP spoofing. I always keep my trading computers extremely clean and only do trading activities on them. I have a computer solely for web surfing and research.

But that wasn't enough to secure my network.

With a single compromised computer that I use for web surfing, it was able to redirect my LAN (local area network) traffic from time to time to an outside web address through the compromised computer. The traffic over my LAN was routed from my clean computers to that compromised computer before going out to the Internet.

I didn't know about this until I had a reason to view the source of one the websites I was at, and I found redirection code to an IP address overseas. I had always felt for months my connection was a bit slow, and even complained to my ISP. Worst of all, I didn't know how long this had gone on.

So, as a result, I changed all my passwords and made sure all my bank, brokerage and financial accounts had password updates. But what I couldn't prevent was theft of information about my identity and probably credit card information typed into online web purchases.

Just a warning that even separating web surfing and trading computers is not enough in some cases.

Has anyone else encountered this type of attack? Any IT gurus know if this is getting more popular or is it a limited case?

http://en.wikipedia.org/wiki/ARP_spoofing
 
It is certainly getting more common in my view. What I do is use Firefox and have attached an add-on that prevents Javascript from running unless I specifically allow it and it warns you of cross site scripting when you land on a website. I also use the "Web of Trust" add-on and that often lets me know when a site is not what it appears to be. Firefox also has the facility to report a website as a forgery and if you get redirected and someone has already reported it then you get a very clear warning.


Paul
 
Top