Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sniffing in a switched network - a presentation on ARP spoofing

From: Manu Garg <manugarg () gmail com>
Date: Mon, 4 Jul 2005 15:48:51 -0400
Greetings everyone,

Since some of you really liked the presentation, I would like to
mention it's french translation done by Jerome Athias. You can find it
here:

http://wired.s6n.com/files/jathias/arp_spoofing_in_switched_lans_FR.pdf

Other updates:
http://manugarg.blogspot.com/2005/06/update.html

cheers,
~manu

On 7/1/05, Nikolai Alexandrov <voyager123bg () gmail com> wrote:

Good one. ARP spoofing is greater security risk in my opinion than ARP
poisoning. ARP poisoning is a litttle bit too noisy, and that makes it a
little less of a concern (yet it shouldn't be underestimated. I've seen
switches, with overflowed arp tables working like hubs...). ARP
spoofing, on the other hand, could be a big problem, mainly in end-point
switches (non-manageble, dumb switches). Especialy when combined with
something to leave the TTL untouched by the forwarding
machine(attacker)... It could be done in a way that is very, very, hard
to find.

Shane Singh wrote:


And a whitepaper on how to detect ARP spoofing.

http://www.foundstone.com/resources/perspectives/AskTheExpert-200406.pdf








-- 
Manu Garg
http://www.manugarg.com
"Truth will set you free!"
Previous By Date Next
Previous By Thread Next

Current thread: