Security Basics mailing list archives
RE: arpwatch
From: Tony Kava <securityfocus () pottcounty com>
Date: Thu, 11 Sep 2003 14:27:24 -0500
I believe the idea is to record the MAC and IP addresses of the requesting host, not the host for whom an ARP request has been made. Since the request is broadcasted it will work on a switched network. -- Tony Kava Network Administrator Pottawattamie County, Iowa -----Original Message----- From: zidan [mailto:zidan00 () fastmail fm] Sent: Thursday, 11 September, 2003 13:29 To: Gunter.Luyten () student kuleuven ac be Cc: security-basics () securityfocus com Subject: Re: arpwatch I don't agree, arp requests are broadcasts. but response is not broadcast, its unicast. the answering source to the asking destination. what I don't understand, is how can the arpwatch station can see this packet if this is a switched network -Z -- zidan zidan00 () fastmail fm -- http://www.fastmail.fm - A fast, anti-spam email service. --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Re: arpwatch, (continued)
- Re: arpwatch Gunter Luyten (Sep 11)
- Re: arpwatch Gunter Luyten (Sep 11)
- RE: arpwatch Zachary Mutrux (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: Logical access controle to network segments and boxes Tim Syratt (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 11)
- RE: Arpwatch J. Oquendo (Sep 11)
- RE: Arpwatch zidan (Sep 11)
- Re: arpwatch zidan (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Kim Oppalfens (Sep 12)
- Re: arpwatch B. McAninch (Sep 15)
- RE: arpwatch zidan (Sep 15)
- RE: arpwatch David Gillett (Sep 15)