Re: ARP Poisioning protection for Windows users

[Ghaith Nasrawi <libero () aucegypt edu>]

Also what you can do is to set a static arp entry for your gateway mac
address. It's not 100% secure, but will do lots of the job.
See :\>arp -h

If somebody tried to arpspoof the gateway, your machine will still send
its traffic to that gateway; however, if he flooded your machine, am not
sure win will be able to cope with this attack.


./Ghaith
===============

Today is the tomorrow you worried about yesterday





-----Original Message-----
From: Hiroaki Kondo [mailto:hackman () venus dti ne jp] 
Sent: Wednesday, July 23, 2003 7:27 AM
To: security-basics () securityfocus com
Subject: Re: ARP Poisioning protection for Windows users

In-Reply-To: <002801c3469b$32e85cf0$d70c420a@bigkid>

Hi



http://packetstorm.trustica.cz/Win2k/irs15.exe

Aren't you trying this one?

I Hope this is good at your purpose.



Hiroaki Kondo

Crosshead K.K. In Japan





Product Description:

IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out 

which network restrictions have been set for a particular service on a 

host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries 

totally spoofed TCP connections to the selected port of the target. 

Changes: Better temp file use to minimize false positives, bug fixes,
and 

code cleanups.  Homepage: http://www.oxid.it. By Mao

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------