[Bridge] SAS: a new security tool patch for bridge
overet at securitydate.it
Thu Jul 7 08:47:43 PDT 2005
Hi, I'm an electronic engineer involved in security and embedded systems and
I have developed an algorithm for secure switching named SAS (Secure
Active Switch) for my MS thesis.
This algorithm has been developed as a plug-in in the bridge module
(kernel 2.6.10) and I have recently done a patch for this version of
SAS works by making several checks at layers 2 and 3 of packets passing through
the bridge (working as a switch) and sending an ARP request from the bridge to the
host that is being attacked by ARP poisoning, to check the real status of
During this phase the two ports are in a blocking/waiting state and if it
discovers a poisoner it disables the attacker's port for a variable delay
that can be set in /proc fs (4 seconds as default).
I and other researchers have tested the algorithm on a small LAN at our
University and it seems to work properly against ARP attacks.
I think that this code must be tested by other people now to discover
possible bugs and receive suggestions.
The code is downloadable at this link:
Giuseppe Gottardi (aka oveRet)
University of Ancona (Italy)
Dept of Electronics AI and Telecommunications
Email: overet(at)securitydate<dot>it, overet(at)spine-group<dot>org
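
Added example, not part of the original post and not code from the SAS patch: a small user-space C model of the check the message describes (a conflicting ARP claim triggers a probe, and a confirmed poisoner's port is blocked for the 4-second default). The function names, the table layout and the rule that a reply from the previously known owner marks the new claimant as the poisoner are assumptions; holding both ports during verification is not modelled.

```c
/* Added illustration: user-space model, not the SAS kernel patch; names and decision rule are assumptions. */
#include <stdint.h>
#include <string.h>
#define MAX_BINDINGS 16
#define MAX_PORTS    8
#define BLOCK_SECS   4   /* default delay stated in the post */
enum verdict { V_LEARNED, V_UNCHANGED, V_PROBE_SENT, V_MOVED, V_POISONER, V_IGNORED };

struct binding {
    uint32_t ip;
    uint8_t  mac[6], claim_mac[6];   /* known MAC; conflicting MAC under test */
    int      port, claim_port, pending; /* pending = 1 while a probe is outstanding */
};
static struct binding table[MAX_BINDINGS];
static int  n_bindings;
static long blocked_until[MAX_PORTS];  /* per-port unblock time, in seconds */

static struct binding *lookup(uint32_t ip) {
    for (int i = 0; i < n_bindings; i++) if (table[i].ip == ip) return &table[i];
    return NULL;
}

/* Called for each ARP sender (ip, mac) observed on a bridge port. */
enum verdict on_arp(uint32_t ip, const uint8_t mac[6], int port) {
    if (port < 0 || port >= MAX_PORTS) return V_IGNORED;
    struct binding *b = lookup(ip);
    if (!b) {
        if (n_bindings == MAX_BINDINGS) return V_IGNORED;
        b = &table[n_bindings++];
        b->ip = ip; b->port = port; memcpy(b->mac, mac, 6);
        return V_LEARNED;
    }
    if (b->port == port && !memcmp(b->mac, mac, 6)) return V_UNCHANGED;
    b->claim_port = port; b->pending = 1; memcpy(b->claim_mac, mac, 6);
    return V_PROBE_SENT; /* conflict: caller now sends an ARP request to the known owner */
}

/* Probe outcome: answered = 1 if the known owner replied, 0 on timeout. */
enum verdict on_probe_result(uint32_t ip, int answered, long now) {
    struct binding *b = lookup(ip);
    if (!b || !b->pending) return V_IGNORED;
    b->pending = 0;
    if (answered) { /* owner is still present, so the new claim was forged */
        blocked_until[b->claim_port] = now + BLOCK_SECS;
        return V_POISONER;
    }
    b->port = b->claim_port; memcpy(b->mac, b->claim_mac, 6); /* host really moved */
    return V_MOVED;
}

int port_is_blocked(int p, long now) { return p >= 0 && p < MAX_PORTS && now < blocked_until[p]; }
```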