Not at all - we used SSH and SCP/SFTP. An ARPjacking isnt merely a NIC in promiscuous mode. The tools used against us were replacement daemons running on another host that was periodically emitting our MAC/IP association. What would have helped would have been a certificate policy - "has someone changed/updated the SSH certificate/server/encryption?". When faced with that question, we should have stopped and phoned one another. Regrettably one of us chose to accept the new certificate and thus sending our password to the fake daemon. In terms of how unavoidable these novel and targeted attacks on general purpose hardware are, I think I have shown a fair example. Whether or not it mandates a kernel level mechanism that doesn't already exist is the topic for discussion. As food for thought, only a few weeks ago Metasploit was compromised in the same way - checkout Moore's statement: http://www.haloscan.com/comments/alexeck/964311044981251862
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds