What do you do if you are unable to establish the connection to the home server?

Making sure to use https and secure file transfer services negates much of the danger of open WiFi as long as you protect yourself from MITM attacks.

The free version of XArp is sufficient for most users.

I have access to multiple VPN servers, we have several set up at my workplace for example, however the home VPN is nice due to remote access to some of my files. No disputing the ease of using Xarp for Windows but unfortunately it doesn't appear to support OSX. I've never used Xarp before but it just may prove very simple to use.

Using HTTPS is fine but not all sites support it. Unless you have specific sites that you visit that guarantee you an SSL connection, it's only a matter of time before you are forced out of HTTPS into a typical port 80 connection. The VPN configuration I use is all free, the proxy configuration software is also free, readily available to anyone who wants to use it, all using a dynamic IP without resorting to using Dyndns.com.

TBH I'm not a whole lot worried about ARP attacks, to do so the attacking computer would have to be equipped with a network adapter capable of injection, and many built-in wireless chipsets included in most laptops aren't capable of it. I'm very aware of the most common adapters used since my old Kismet and Backtrack 2 days.
 
I actually prefer the free arpwatch utility for OS X.

http://www.macupdate.com/app/mac/29459/mocha

Of course, not all sites offer SSL. But, if you know no one is a MITM, then that is not so much an issue. Any site that does need security is ssl. I use the encrypted version of the DuckDuckGo search engine that automatically links to ssl versions of websites to make most of your browsing encrypted.

Injection is required to crack WiFi but it is not required for MITM. I do not believe ettercap requires injection to poison the arp table to perform MITM.

Do you control the proxy that you use?

Proxies are used to perform sophisticated ssl stripping MITM attacks over WAN.

http://crypto.stanford.edu/ssl-mitm/
 
There doesn't seem to be a lot of ready-made utilities for OSX but I've looked at ARPWatch and it looks like mostly a warning app, no real defenses. I've found ARPSpyX and ARPon which appear to do most of what you need it to do, Ettercap was something I used in the past and I believe is being used today by some but I prefer Backtrack.

When you say MITM, I'm assuming you're referring strictly to ARP-based attacks, if so, many of the ARP threats require the attacker to have injection capability. To sniff/monitor you don't, however to inject/hijack you'll very likely need it.

Not sure what you mean by controlling the proxy, if you mean do I custom configure it to micromanage everything it does like a real proxy or do I simply use it for what it is, a basic software proxy... then my reply is the latter.

Here's what I'd like to know... say a Windows user installs Xarp or an OSX user installs Mocha, sees something happening, what is the user supposed to do next? Can they do anything to counter an attack even if they see it happening through those apps? I could be mistaken but it seems to me that neither free edition offers any form of real protection/defense other than letting you know something odd might be occurring.
 
I've looked at ARPWatch and it looks like mostly a warning app, no real defenses. I've found ARPSpyX and ARPon which appear to do most of what you need it to do,

Mocha has better notifications than ArpSpyX. Mocha displays a notification near the bottom left corner of the display when an attack is detected. Any more action by this type of utility becomes intrusive unless that action is silent, such as ArpON. ArpON is only effective if all hardware in the network has it installed. This is not likely to be the case on public networks.

When using Mocha or similar utilities, defensive measures in the event of an attack are as easy as terminating your connection.

Ettercap was something I used in the past and I believe is being used today by some but I prefer Backtrack...

BackTrack contains many packet sniffers. Typically, Ettercap is the utility included in BackTrack for MITM. ARP-based MITM using Ettercap does not require injection.

If the proxy is hosted on a server that you do not manage, then the attacks shown in that link are a possibility. It also depends on the type of VPN you use. http://crypto.stanford.edu/ssl-mitm/

Relying on VPN does cause issues when unable to establish a connection to the server.
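
The check a warning utility of the kind discussed above can make on the local ARP cache, as an added example that is not part of any post in this thread and not code from Mocha, arpwatch or XArp: it parses OS X `arp -a` output and flags a MAC address answering for several IPs, or a gateway MAC that differs from a recorded baseline. The sample tables, addresses and function names are constructed for illustration; a shared MAC can also be legitimate (a router holding several addresses), so an alert is a cue to disconnect and check rather than proof of an attack.

```python
import re
from collections import defaultdict

# BSD / OS X `arp -a` line: "? (192.168.1.1) at 0:1b:2c:3d:4e:5f on en0 ifscope [ethernet]"
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+) on ")

# Constructed sample output (not captured from a real network).
BASELINE = """\
? (192.168.1.1) at 0:1b:2c:3d:4e:5f on en0 ifscope [ethernet]
? (192.168.1.23) at a4:5e:60:aa:bb:cc on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""
# Same table after the gateway entry has been overwritten with another host's MAC.
POISONED = BASELINE.replace("0:1b:2c:3d:4e:5f", "a4:5e:60:aa:bb:cc")

def normalize_mac(mac):
    """OS X drops leading zeros in each octet (0:1b:...); pad them so MACs compare equal."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac}; incomplete, broadcast and multicast entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # "(incomplete)" entries do not match the MAC pattern
        mac = normalize_mac(m.group(2))
        if len(mac) == 17 and not int(mac[:2], 16) & 1:  # low bit set = group address
            table[m.group(1)] = mac
    return table

def find_alerts(table, gateway_ip, known_gateway_mac):
    """Flag a MAC answering for several IPs, and a gateway MAC that differs from baseline."""
    alerts = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"{mac} answers for {', '.join(sorted(ips))}")
    current = table.get(gateway_ip)
    if current and current != normalize_mac(known_gateway_mac):
        alerts.append(f"gateway {gateway_ip} is now {current}, expected {normalize_mac(known_gateway_mac)}")
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(parse_arp_table(POISONED), "192.168.1.1", "00:1b:2c:3d:4e:5f"):
        print("ALERT:", alert)
```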
 
For Windows 7, MSE is a good start, so is AVG Free Edition, both are lightweight and very simple to use products that are free.

If you feel better with a paid product, Norton Antivirus 2011 is very good, also very lightweight and has better detection capabilities. I too am not a Norton fan but this product is very good. I still don't recommend Norton 360, Norton Internet Security, just the AV.

Kaspersky is one of the best if not the best at the moment, very few false positives, lots of updates, incredible detection capabilities. It's a little harder on resources, not ideal for light VM configurations or Netbooks.


As far as all-in-one maint suites, my take on it is to stay away from them. You really don't need much of that to keep Windows 7 in good shape. The built in defrag is good (unless you're using a SSD, then don't defrag), SFC (system file checker) does a great job making sure system files aren't altered. Windows 7 is nothing like Vista or XP, it's much better at keeping itself up.

However do install Malwarebytes and Superantispyware. If you're like me and don't like installing software (keeping it simple), download the portable version of Superantispyware as it needs no installation.

CCleaner is a great tool to dump all the stuff that gets piled up in those temp folders and caches. All of the above with the exception of Norton products are free.

I have purchased Tuneup Utilities. It is not bloatware and pretty snappy. If W7 does do all of what Tuneup Utilities does, then I'm embarrassed. I will look at your product suggestions. I have not yet purchased a paid anti-virus subscription and may go "free" as in Microsoft Security Essentials. Thanks! :)
 
I run Windows 7 via Bootcamp.

I had this problem where when I shut down Windows, on multiple occasions, I've been getting this message 5 updates installing, the same 5 updates over and over. I used the Windows 7 troubleshooter, selected the Windows Update troubleshooter, which advised me I had these issues 8007010B and 800F020B... very informative. :rolleyes: I surfed the net looking for answers and basically found nothing although I figured out the problem had to do with updates that did not install correctly.

Then I cranked up Tuneup Utilities 2013, checked the "Fix Problems" section, and there was a choice called: Windows Update Does Not Work Since A Previous Update Was required. The Tuneup Repair wizard (part of TuneUp Utilities) ran, and the "5 updates" message went away on shutdown and when I restarted in Windows 7, there were 11 more updates to be installed.

I have the highest respect of TU 2013 cause it can deal with Windows took a crap issues. Going to do a restart with fingers crossed. :):)
 