Security Basics mailing list archives
Re: arpwatch
From: Tomas Wolf <tomas () skip cz>
Date: Thu, 11 Sep 2003 07:33:02 -0400
my 2c -- a) some switches horribly leak :-) b) port mirroring would be the best bet (managable switches necessary) c) some under heavy load work like hubs (flood it) good luck - T. zidan wrote:
hello, I have recently installed arpwatch on one of our servers. I understood arpwatch "learns" arp replies, but since arp replies are destined to a specific MAC and this is a switched network, how can arpwatch see all arp replies ? -Z
---------------------------------------------------------------------------Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
Current thread:
- arpwatch zidan (Sep 10)
- Re: arpwatch Tomas Wolf (Sep 11)
- Re: arpwatch John T. Hollyoak (Sep 11)
- RE: arpwatch ted koenig (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 12)
- Re: arpwatch John T. Hollyoak (Sep 11)
- Re: arpwatch Tomas Wolf (Sep 11)
- Re: arpwatch Gunter Luyten (Sep 11)
- Re: arpwatch Gunter Luyten (Sep 11)
- RE: arpwatch Zachary Mutrux (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: Logical access controle to network segments and boxes Tim Syratt (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 11)
- <Possible follow-ups>
- RE: Arpwatch J. Oquendo (Sep 11)