Security Basics mailing list archives

RE: arpwatch

From: Kim Oppalfens <Kim.Oppalfens () azlan com>
Date: Fri, 12 Sep 2003 07:43:57 +0200

It doesn't really matter that you can't see the unicast traffic since
arpspoofing is done with broadcast packets.

Kim Oppalfens 

-----Original Message-----
From: zidan [mailto:zidan00 () fastmail fm] 
Sent: donderdag 11 september 2003 20:29
To: Gunter.Luyten () student kuleuven ac be
Cc: security-basics () securityfocus com

I don't agree, arp requests are broadcasts. but response is not broadcast,
its unicast.
the answering source to the asking destination.

what I don't understand, is how can the arpwatch station can see this packet
if this is a switched network

-Z
--
  zidan
  zidan00 () fastmail fm

--
http://www.fastmail.fm - A fast, anti-spam email service.

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW -  FREE
Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

DISCLAIMER: The information in this message is confidential and may be
legally privileged. It is intended solely for the addressee.  Access to this
message by anyone else is unauthorised.  If you are not the intended
recipient, any disclosure, copying, or distribution of the message, or any
action or omission taken by you in reliance on it, is prohibited and may be
unlawful.  Please immediately contact the sender if you have received this
message in error. Thank you.

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

Re: arpwatch, (continued)
- Re: arpwatch Gunter Luyten (Sep 11)
- RE: arpwatch Zachary Mutrux (Sep 11)
  - Logical access controle to network segments and boxes MeaCulpa (Sep 11)
    - Re: Logical access controle to network segments and boxes Tim Syratt (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 11)
- RE: Arpwatch J. Oquendo (Sep 11)
- RE: Arpwatch zidan (Sep 11)
- Re: arpwatch zidan (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Kim Oppalfens (Sep 12)
  - Re: arpwatch B. McAninch (Sep 15)
- RE: arpwatch zidan (Sep 15)
  - RE: arpwatch David Gillett (Sep 15)