Security Incidents mailing list archives

Re: against illegal arp update


From: "Greg A. Woods" <woods () weird com>
Date: Tue, 11 Mar 2003 18:26:19 -0500 (EST)

[ On , March 11, 2003 at 10:19:24 (+0100), Cedric Blancher wrote: ]
Subject: Re: against illegal arp update

> Arpwatch is a tool that monitors ethernet traffic in order to detect
> MAC/IP couples and spot changes. In a switched environment, this can
> only be done on ethernet broadcast stuff.

s/switched/bridged/  -- switches are just multi-port bridges.  :-)

Also, for any SNMP-managed switch or bridge it's possible to monitor all
MAC/IP assignments on any connected networks using something like
arpsnmp, which is part of the ARPwatch package distributed by LBL.

        ftp://ftp.ee.lbl.gov/arpwatch.tar.gz

-- 
                                                                Greg A. Woods

+1 416 218-0098;            <g.a.woods () ieee org>;           <woods () robohack ca>
Planix, Inc. <woods () planix com>; VE3TCP; Secrets of the Weird <woods () weird com>
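
The MAC/IP pair tracking discussed in this message, as an added example that is not part of the original post and is not arpwatch or arpsnmp code. It assumes the (IP, MAC) observations have already been collected (from sniffed ARP broadcasts or from polling a switch over SNMP); the class name, function names and sample addresses are constructed, and the event labels are modelled on arpwatch's report names.

```python
from collections import namedtuple

Event = namedtuple("Event", "kind ip mac old_mac")

class PairTracker:
    """Track IP -> MAC bindings and report changes (hypothetical helper)."""

    def __init__(self):
        self.current = {}   # ip -> MAC most recently seen
        self.previous = {}  # ip -> MAC seen before the current one

    @staticmethod
    def normalize(mac):
        # Accept 0:a:b:... or 00-0A-..., emit zero-padded lowercase colon form,
        # so the same station written two ways is not reported as a change.
        parts = mac.replace("-", ":").split(":")
        if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
            raise ValueError(f"not a MAC address: {mac!r}")
        return ":".join(f"{int(p, 16):02x}" for p in parts)

    def observe(self, ip, mac):
        mac = self.normalize(mac)
        old = self.current.get(ip)
        if old is None:
            self.current[ip] = mac
            return Event("new station", ip, mac, None)
        if old == mac:
            return None  # binding unchanged, nothing to report
        # A return to the MAC seen just before the current one is a flip flop,
        # the pattern two hosts contending for one IP address produce.
        kind = "flip flop" if self.previous.get(ip) == mac else "changed ethernet address"
        self.previous[ip] = old
        self.current[ip] = mac
        return Event(kind, ip, mac, old)

# Constructed sample observations (documentation address ranges).
SAMPLE = [
    ("192.0.2.1", "00:00:5e:00:53:01"),
    ("192.0.2.10", "0:0:5e:0:53:a"),
    ("192.0.2.1", "00-00-5E-00-53-01"),   # same MAC, different notation
    ("192.0.2.1", "00:00:5e:00:53:ff"),   # binding changes
    ("192.0.2.1", "00:00:5e:00:53:01"),   # and changes back
]

def run(observations):
    tracker = PairTracker()
    return [e for e in (tracker.observe(ip, mac) for ip, mac in observations) if e]

if __name__ == "__main__":
    for event in run(SAMPLE):
        print(event)
```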
