ARP cache filtering issue?

paradis_pal · August 3, 2013, 10:10pm

although I enabled my anti-arp spoofing protect in firewall option, my friend could steel all my cookies and saw all social accounts and mails.

Citizen_K · August 4, 2013, 12:49am

Can you elaborate some on how your friend tested? Can you vouch for certain he used ARP cache poisoning to break in?

paradis_pal · August 4, 2013, 4:08am

she has andriod phone, I think she used driodsheep with arp-spoofing attack, I tested and I can see my accounts with my phone

paradis_pal · August 21, 2013, 10:40am

after testing, not 100% sure, it is a bug in Comodo V6, it is used to be protected in V5 , test on windows 7 x64 all up to date, hope it will be fixed soon, because i love Comodo security software

rhgtyink · September 3, 2013, 8:49pm

From a quick look at droidsheep it doesn’t show ARP spoofing, it seems to hijack your http session cookies, and once you lost those the attacker owns you.
If you browse all those sites using HTTPS you should be fine according to the DroidSheep FAQ.

thug4real · September 4, 2013, 4:22am

Hmm if this get reproduced. I hope it would be fixed soon.

BrettH · December 27, 2013, 5:35pm

Howdy folks! Although Comodo is totally superior to most products and I absolutely love it, I too noticed when pentesting my network that not one single security setup I have on any of my computers / devices even so much as winked at me when I performed arp poisoning / spoofing. I have Comodo enabled for anti-arp spoofing but to no avail.

Supplements to aid Comodo: Here are some great tools for both Linux distros and Windows - http://sid.rstack.org/arp-sk/ - A really good one is Winarp Watch! You have to check the logs frequently though and I’d recommend running Winarp Watch in your start-up sequence on both Windows and Linux. You can also setup Winarp Watch / arp watch to send you an email when you’ve been poisoned so you don’t have to constantly check the logs! Enjoy… 8)

For the Comodo folks, I ran the arp poisoning a couple of different ways but the quickest one is ettercap and it seems to work against every security program, not just Comodo. On that note, I sincerely do love Comodo and I don’t go anywhere without it! I wish they would include Comodo in every MS Windows package as “matter of fact”… Great job folks!

paradis_pal · February 25, 2015, 12:10pm

edit the title, I tried some other firewalls, all couldn’t protect the ARP, just to confirm, Comodo firewall not only superior to others, but it has more option, keep going on