1. OpenDNS – http://www.opendns.org – pretty much solid dns servers, highly recommended by many people.

2. ScrubIt – http://scrubit.com – Haven’t used myself, found in the net.

3. gtei.net – nosite – One of the advantages of these servers –> IP numbers easy to remember!
a) 4.2.2.1
b) 4.2.2.2
c) 4.2.2.3
d) 4.2.2.4
e) 4.2.2.5
f) 4.2.2.6

Cool, ah?

Others you can get at http://www.dnsserverlist.org/

To conserve bandwidth, switches direct traffic to a specific port based on the target MAC address (as opposed to hubs which simply broadcast all packets to all ports). This allows multiple peer-to-peer conversations to occur at the same time as each conversation only requires two ports (whereas in a hub each conversation occupies all ports!) Hence, bandwidth management; not security .

For a switch to know which port connects to which MAC addresses, the switch creates and manages a CAM table (a simple mapping between port and MAC address(es)). If no Port Security, this table is dynamic and changes over time (to allow for hosts to appear, disappear and move between ports). The switch learns the CAM table mappings by monitoring the source and destination MAC addresses in packets that it directs.

Now look at the Port Stealing slide. Send layer 2 packets with “source address equal to victim host address” and “destination address equal to its own mac address”. Taking these in reverse order, the switch will direct the packet to the port mapped to the destination address, the attackers “own mac address”; i.e. the packet will return to the attackers host (so no other hosts will notice the packet). At the same time, the switch will record the source address of the packet against the port it came from in the CAM table; i.e. the victim host (MAC) address against the attacker’s port. If you looked in the CAM table, you’d now find the attackers port mapped to both the attackers MAC address and also the victim’s MAC address.

The switch will now direct the next packet targeted at the victim’s MAC address to the attackers port (based on the CAM table entry) – the port is ’stolen’.

To relay the packet to the correct port (so that the conversations can continue uniterrupted), the attacker needs to get the CAM table back to the original state, i.e. with the victim’s port mapped to the victim’s MAC address. This is achieved by issuing a broadcast ARP request for the victim’s IP address. Broadcast means the request will go to all ports (including the victim). When the victim responds, the switch will record the new CAM table mapping (back to where it was originally). The captured packet can now be resent by the attacker and correctly directed by the switch to the victim’s port.

Now (and this is the scary bit) to get and relay the _next_ packet, the attacker needs to repeat the entire process. It looks like a lot of work and is why I raised queries about whether or not packets would be dropped. NaGA says ‘not necessarily’ which is fair enough.

URL: http://ettercap.sourceforge.net/forum/viewtopic.php?t=2329 

Let’s agree on that all of the above mentioned stuff is applicable to Windows OS stations. Agree that Linux/UNIX based Operations Systems have almost none of the above mentioned problems. However, I don’t claim that you cannot hack them, exploit or have trojans on them, yes you can BUT you must be very much skillful and probabilities you get a virus is almost none. Having stated this we suppose that we are talking about Windows, particularly Windows XP.

If you are using broadband at home with only one single PC here’s what I recommend to install:

1. AVG Antivirus and AVG AntiSpyware from Grisoft
2. ZoneAlarm by Check Point
3. Have the latest patches and updates installed on your WindowsXP
4. Optionally to AVG have ClamAV win32 installed
5. Use Mozilla Firefox or at least Opera web browsers instead of Internet Explorer from Microsoft. Yes, at some point IE has more security issues, attract more viruses then the other browsers.
6. Have your phone line closed to make international calls. You can have somebody from your Telco assist you on this.

If you have a single PC connected these softwares will help you to defend yourself against malware, adware, spyware and various viruses and threats that can be easily found if you are using internet.

Now if you have multiple PC network I can say that it is more or less same except that you might want to install some kind of firewall/router centrally in your network. That is apart from each clients personal firewall and antivirus softwares.

1. Let modem handle the connection by itself. This can be done via modem’s web configuration panel. Most of the modems nowadays ship with some kind of strip down linux versions and have a web interface to control.
2. If your number of PCs in your network is 1-10, you can use your modem to act as a network server – DHCP,Router, Gateway, DNS, Proxy, Firewall.
3. If you have more then 10, I suggest you might consider having additional PC to act as a network server. I recommend IPcop or its fork Endian Community Edition. If you just need the work to be done without much hardware investments you might consider building your own firewall/router with one of the linux/bsd distros.
4. Convince you friends/family/colleagues use Linux!

There are always threats day by day and the most important rule of thumb here is to make sure you follow the updates from software vendors, subscribing to their E-Mail lists, news RSS and read the updates from their websites. Also good to join some kind of forum local in your area to be aware of the latest threats and issues. And of course visit less on porn(!) and warez offering websites! Most of the time they contain viruses and trojans as well as various kind of adware/spyware/malware.