Giuseppe Gottardi
2007-Apr-18 17:22 UTC
[Bridge] SAS: a new security tool patch for bridge
Hi,

I'm an electronic engineer involved in security and embedded systems and I have developed an algorithm for secure switching named SAS (Secure Active Switch) for my MS thesis. This algorithm has been developed as a plug-in in the bridge module (kernel 2.6.10) and I have recently done a patch for this version of the kernel.

SAS works by making several checks at layers 2 and 3 of packets passing through the bridge (working as a switch) and sending an ARP request from the bridge to the host that is being attacked by ARP poisoning, to check the real status of the host. During this phase the two ports are in blocking/waiting state and if it discovers a poisoner it disables the attacker's port for a variable delay that can be set in /proc fs (4 seconds as default).

I and other researchers have tested the algorithm in a little LAN of our University and it seems to work properly against ARP attacks. I think that this code must be tested by other people now to discover possible bugs and receive suggestions.

The code is downloadable at this link:
http://overet.securitydate.it/codes/patch-linux-2.6.10-SASv1.1.diff

Best regards,
Giuseppe Gottardi

----------------------------------------
Giuseppe Gottardi (aka oveRet)
University of Ancona (Italy)
Dept of Electronics AI and Telecommunications
Email: overet(at)securitydate<dot>it, overet(at)spine-group<dot>org
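A simplified user-space model of the probe-and-block check described in the message above, added here as an illustration; it is not taken from the SAS patch. The binding table, all function names, and the decision rule (if the previously known host still answers the bridge's ARP probe, the conflicting claim is treated as poisoning) are assumptions; only the 4-second default delay comes from the post.

```c
#include <stdint.h>
#include <string.h>

#define MAX_HOSTS  16
#define MAX_PORTS  8
#define BLOCK_SECS 4            /* default delay stated in the post */

struct binding { uint32_t ip; uint8_t mac[6]; int port; int used; };

static struct binding table[MAX_HOSTS];       /* hypothetical IP/MAC/port table */
static long port_disabled_until[MAX_PORTS];   /* 0 = never disabled */

enum verdict { LEARNED, CONSISTENT, MOVED, POISON, REJECTED };

/* Evaluate an ARP claim "ip is at mac" seen on bridge port `port`.
 * probe_alive models the result of the bridge's own ARP request to the
 * previously known owner: 1 = the old host still answers for this IP. */
enum verdict sas_check_arp(uint32_t ip, const uint8_t mac[6], int port,
                           int probe_alive, long now)
{
    struct binding *slot = NULL;
    if (port < 0 || port >= MAX_PORTS)
        return REJECTED;
    for (int i = 0; i < MAX_HOSTS; i++) {
        struct binding *b = &table[i];
        if (!b->used) { if (!slot) slot = b; continue; }
        if (b->ip != ip) continue;
        if (b->port == port && memcmp(b->mac, mac, 6) == 0)
            return CONSISTENT;              /* matches what we already know */
        if (probe_alive) {                  /* real owner answered: forged claim */
            port_disabled_until[port] = now + BLOCK_SECS;
            return POISON;
        }
        memcpy(b->mac, mac, 6);             /* owner silent: accept the new binding */
        b->port = port;
        return MOVED;
    }
    if (!slot)
        return REJECTED;                    /* table full: do not learn */
    slot->ip = ip; memcpy(slot->mac, mac, 6);
    slot->port = port; slot->used = 1;
    return LEARNED;
}

/* A port forwards again once its disable delay has expired. */
int port_is_forwarding(int port, long now)
{
    return port >= 0 && port < MAX_PORTS && now >= port_disabled_until[port];
}
```
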