Firewall Wizards mailing list archives

Re: Windows dynamic ARP


From: James <jimbob.coffey () gmail com>
Date: Wed, 7 Jan 2009 16:25:45 +1100

Actually an easier way would be to use the requestedresponse filter in
XArp.  This only allows a response if your host generated a request.
If you are static mapping IP to MAC you should never generate a
request.


Unfortunately XArp can't really 'filter' (drop) the packets, but alert you.

I am sure you will correct me Chris (You did write the tool after all
;-) but I was under the impression the requestedresponse filter
actually dropped a response to the host XArp is running on if the host
didn't issue an ARP request?

I am currently working on a Linux port where writing a network driver for

Wouldn't arptables
http://ebtables.sourceforge.net/arptables-man.html
be able to handle the Linux side of things?

If you want to get an overview of mechanisms available for ARP attack
detection, you can have a look at a (yet incomplete) presentation I once
started: http://www.chrismc.de/development/xarp/arp_security_tools.html
(http://www.chrismc.de/development/xarp/Securing_ARP_0_2_0.pdf)

You could also possibly include Cisco's Dynamic ARP Inspection (DAI)
in your lineup of products. Sounds good on paper....


-- 
jac
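
The requested-response check discussed in this thread, as an added example that is not part of the original post and is not XArp's code: it tracks ARP requests sent by the local host and flags any reply that does not answer one. The 2-second window, the function names and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
WINDOW = 2.0  # assumed: seconds a request from this host stays outstanding

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, frame[22:28], frame[28:32], frame[38:42]

def unsolicited_replies(events, local_mac):
    """Flag ARP replies that do not answer a recent request sent by local_mac."""
    pending = {}  # IP we asked about -> time we asked
    alerts = []
    for ts, frame in events:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, smac, sip, tip = parsed
        if op == ARP_REQUEST and smac == local_mac:
            pending[tip] = ts
        elif op == ARP_REPLY and smac != local_mac:
            # pop(): one request admits one reply, so a second answer is flagged too
            asked = pending.pop(sip, None)
            if asked is None or ts - asked > WINDOW:
                alerts.append((ts, socket.inet_ntoa(sip), smac.hex(":")))
    return alerts

def build(op, smac, sip, tmac, tip):  # constructed Ethernet+ARP frame for SAMPLE
    dst = b"\xff" * 6 if op == ARP_REQUEST else tmac
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (dst + smac + b"\x08\x06" + arp + smac + socket.inet_aton(sip)
            + tmac + socket.inet_aton(tip))

# Constructed sample traffic (documentation addresses, locally administered MACs)
HOST, GW, OTHER = (bytes.fromhex("0200000000" + x) for x in ("01", "fe", "66"))
SAMPLE = [
    (0.0, build(ARP_REQUEST, HOST, "192.0.2.10", b"\x00" * 6, "192.0.2.1")),
    (0.1, build(ARP_REPLY, GW, "192.0.2.1", HOST, "192.0.2.10")),     # requested
    (5.0, build(ARP_REPLY, OTHER, "192.0.2.1", HOST, "192.0.2.10")),  # never asked
]

if __name__ == "__main__":
    for alert in unsolicited_replies(SAMPLE, HOST):
        print("unsolicited ARP reply:", alert)
```

With static IP-to-MAC mappings the host sends no requests at all, so `pending` stays empty and every reply it receives is reported.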