Security Basics mailing list archives

Re: sniffing in a switched network - a presentation on ARP spoofing


From: Nikolai Alexandrov <voyager123bg () gmail com>
Date: Fri, 01 Jul 2005 16:30:36 +0300

Good one. ARP spoofing is a greater security risk in my opinion than ARP poisoning. ARP poisoning is a little bit too noisy, and that makes it a little less of a concern (yet it shouldn't be underestimated. I've seen switches with overflowed ARP tables working like hubs...). ARP spoofing, on the other hand, could be a big problem, mainly in end-point switches (non-manageable, dumb switches). Especially when combined with something to leave the TTL untouched by the forwarding machine (attacker)... It could be done in a way that is very, very hard to find.

Shane Singh wrote:

And a whitepaper on how to detect ARP spoofing.

http://www.foundstone.com/resources/perspectives/AskTheExpert-200406.pdf


