Security Basics mailing list archives
Re: ARP Poisoning
From: "Chris McNab" <chris.mcnab () trustmatta com>
Date: Thu, 8 May 2003 13:26:17 +0100
OK, Static ARP entries are not a viable solution in a dynamic environment. Sure if you have maybe 3 servers in a DMZ, but not if you are looking to protect workstations and servers on an internal network space. Anyway, its known that a few operating systems (Windows, Solaris, et al) flush the ARP cache (including static entries) periodically, and under Windows the static entries can be overwritten using spoofed ARP replies!! ARP has no authentication or security built into it. Due to the nature of the protocol it is not routable, and so at least these attacks are limited to internal network space. Arpwatch is the only decent way to protect against this threat: http://www.securityfocus.com/tools/142 Arpwatch is a tool that monitors ethernet activity and keeps a database of ethernet/ip address pairings. It also reports certain changes via email. Chris Chris McNab Technical Director Matta Security Limited 18 Noel Street London W1F 8GN Tel: 0870 077 1100 Web: www.trustmatta.com --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
Current thread:
- ARP Poisoning Naman Latif (May 05)
- Re: ARP Poisoning Pierre BETOUIN (May 06)
- Re: ARP Poisoning buzzdee (May 06)
- Re: ARP Poisoning Sapient2003 (May 06)
- RE: ARP Poisoning David Gillett (May 07)
- <Possible follow-ups>
- RE: ARP Poisoning d'Ambly, Jeff (May 06)
- Re: ARP Poisoning Chris McNab (May 08)