Security Basics mailing list archives

RE: Arpwatch


From: "J. Oquendo" <segment () antioffline com>
Date: Wed, 10 Sep 2003 23:19:20 -0400

From the secfocus write up... Arpwatch monitors ethernet activity 
and keeps a database of ethernet/ip address pairings. It also 
reports certain changes via email.

This should have been self-explanatory enough.

If you were unsure what it was and what it does, then why
would you bother downloading and installing it? Now I don't
mean to rattle you up, nor flame, nor cause commotion, but
at times I become curious to know why some use things
without knowing what it does. Wouldn't it have made more
sense to you to find out what it was you needed to do,
then look for something useful based on that information?

Think about this for a quick second. I notice that many
are quick to rush into downloading something to use never
taking the time to understand the background of it all.
Now suppose you saw something that said arpkeep. Would
you quickly rush to download gcc the file without fully
understanding what it does? Suppose it was a backdoor?

Oh well, my rant for the month. Sorry if I offended anyone
but sometimes it's always good to see a reminder and
considering this is technically a security list, I
thought it would be appropriate to edumacate some who
were new on the list or the scene like moi.

---------------------------------------------------
I have recently installed arpwatch on one of our servers. I understood
arpwatch "learns" arp replies, but since arp replies are destined to a
specific MAC and this is a switched network, how can arpwatch see all
arp replies?
---------------------------------------------------

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
exec `echo ajbqghuf|rot13|sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'`

Jesus Oquendo
sil @ disgraced . org
sil @ antioffline . com

PGP Fingerprint
39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0

"You're free. And freedom is beautiful. And, you know,
it'll take time to restore chaos and order, order out
of chaos. But we will." George W. Bush Washington, 
D.C., April 13, 2003
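
An added example, not part of the original message and not arpwatch's own code: a small ethernet/IP pairing database of the kind the write-up describes, which reports only when a pairing changes. It learns from the sender fields of both ARP requests and replies; requests are broadcast, so their sender pairings reach every host in the broadcast domain even on a switch. The addresses, the event labels and every helper name are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload layout (RFC 826), 28 bytes
def build_arp(oper, sha, spa, tpa, tha="00:00:00:00:00:00"):
    # Builds an ARP payload; used here only to construct sample input.
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_sender(payload):
    """Return (ip, mac) from the ARP sender fields, or None if unusable."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None  # truncated capture
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None  # not an Ethernet/IPv4 request or reply
    if spa == b"\x00" * 4:
        return None  # ARP probe: sender claims no address, so no pairing
    return socket.inet_ntoa(spa), ":".join(f"{b:02x}" for b in sha)

class PairingDB:
    def __init__(self):
        self.current = {}   # ip -> mac last seen
        self.previous = {}  # ip -> mac seen before the last change
    def observe(self, payload):
        """Record one ARP payload; return an event tuple only on a change."""
        ip, mac = parse_sender(payload) or (None, None)
        old = self.current.get(ip)
        if ip is None or old == mac:
            return None
        event = ("new pairing" if old is None else
                 "reverted pairing" if self.previous.get(ip) == mac else
                 "changed pairing")
        self.previous[ip], self.current[ip] = old, mac
        return (event, ip, old, mac)

def run_sample():
    """Feed constructed traffic through the database; return the events."""
    gw, host, other = (f"aa:00:00:00:00:{n}" for n in ("01", "05", "99"))
    frames = [build_arp(1, host, "10.0.0.5", "10.0.0.1"),      # request
              build_arp(2, gw, "10.0.0.1", "10.0.0.5", host),  # reply
              build_arp(1, host, "10.0.0.5", "10.0.0.1"),      # unchanged
              build_arp(1, other, "10.0.0.1", "10.0.0.5"),     # new MAC for .1
              build_arp(2, gw, "10.0.0.1", "10.0.0.5", host),  # original MAC back
              build_arp(1, host, "0.0.0.0", "10.0.0.7")]       # probe
    db = PairingDB()
    return [e for e in map(db.observe, frames + [frames[0][:10]]) if e]
```

A "changed pairing" followed shortly by a "reverted pairing" for the same IP means two ethernet addresses are answering for one address, which is the kind of change worth an alert.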
