Re: RARP attack?

[pashdown () xmission com (Pete Ashdown)]

> > It looks as if someone broke into one of these other machines, then started
> > sending out bogus RARP packets.  I had been experiencing a weird packet loss
> > that I couldn't track down for the past few weeks, but today and yesterday
> > several of our Suns were not reachable at all from the provider's Cisco.
>
> Have you captured one of those packets?

No.  I'd like some advice on how to do this with a Cisco though.

> You could redirect traffic between two hosts by stomping over an
> existing ARP cache entry.  Just send an ARP request from your host,
> with the sender IP address being that of the entry you want to override,
> and the target host will start sending IP packets destined to that
> host to your MAC address.

I didn't capture the MAC address (terminal with no scrollback :-( ), so I'm
not sure if it pointed to any particular machine on the local ethernet.