Firewall Wizards mailing list archives
Re: Windows dynamic ARP
From: James <jimbob.coffey () gmail com>
Date: Wed, 7 Jan 2009 16:25:45 +1100
Actually an easier way would be to use the requestedresponse filter in Xarp. This only allows a response if your host generated a request. If you are static mapping ip to mac you should never generate a request.Unfortunately XArp can't really 'filter' (drop) the packets, but alert you.
I am sure you will correct me Chris (You did write the tool after all ;-) but I was under the impression the requestedresponse filter actually dropped a response to the host Xarp is running on if the host didn't issue an arp request ?
I am currently working on a Linux port where writing a network driver for
wouldn't arptables http://ebtables.sourceforge.net/arptables-man.html be able to handle the linux side of things ?
If you want to get an overview of mechanisms available for ARP attack detection, you can have a look at a (yet incomplete) presentation I once started: http://www.chrismc.de/development/xarp/arp_security_tools.html (http://www.chrismc.de/development/xarp/Securing_ARP_0_2_0.pdf)
You could also possibly include Cisco's Dynamic Arp Inspection (DAI) in your line up of products. Sounds good on paper.... -- jac _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Windows dynamic ARP James (Jan 08)
- Re: Windows dynamic ARP Christoph Mayer (Jan 15)