Hi, I'm an electronic engineer involved in security and embedded systems and I have developed an algorithm for a secure switching named SAS (Secure Active Switch) for my MS thesis. This algorithm has been developed as plug-in in the bridge module (kernel 2.6.10) and I have recently done a patch for this version of kernel. SAS works making several checks at layer 2 and 3 of packet passing through the bridge (working as switch) and sending an ARP request from bridge to the host that is being attacked by ARP poisoning, to check the real status of the host. During this phase the two ports are in blocking/waiting state and if it discovers a poisoner it disables the attacker's port for a variable delay that can be set in /proc fs (4 seconds as default). I and others researchers have tested the algorithm in a little LAN of our University and it seems to work properly against ARP attacks. I think that this code must be tested by other people now to discover possible bugs and receive suggestions. The code are downloadable at this link: http://overet.securitydate.it/codes/patch-linux-2.6.10-SASv1.1.diff Best regards, Giuseppe Gottardi ---------------------------------------- Giuseppe Gottardi (aka oveRet) University of Ancona (Italy) Dept of Electronics AI and Telecommunications Email: overet(at)securitydate<dot>it, overet(at)spine-group<dot>org
