Penetration Testing mailing list archives
Re: Config cisco switches against arpspoofing
From: Max <max () neuropunks org>
Date: Thu, 16 May 2002 15:58:51 -0400 (EDT)
Cisco switches support MAC address locking, meaning that a given port on a switch won't let traffic through unless the source MAC address is the one it knows. This is similar in function to UNIX's /etc/ethers, I suppose.

At the interface config option, issue the "port secure" command; then you can either let the switch learn MACs and lock them in, or you can do static MAC-IP mapping. If the switch sees traffic that doesn't belong on a specific port, it will either
1. suspend the port for some time
2. disable the port till you re-enable it
3. do nothing but log the bogus traffic
your choice.

Don't remember how to do all of it off the top of my head, so look on Cisco's site for docs.

Max

On 15 May 2002, Vs Metal wrote:
Date: 15 May 2002 15:30:04 -0000
From: Vs Metal <vserpoul () isep fr>
To: pen-test () securityfocus com
Subject: Config cisco switches against arpspoofing

I wanna know if there is a definite LAYER 2 (switch) configuration to disable this attack (root@linux # arpspoof -t...). I heard about private VLANs, but this solution doesn't really suit customers' demand. Does anyone know another way to disable it?

thx a lot

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
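The MAC locking described in the reply above, as an added configuration sketch that is not part of the original posts. It assumes the later Cisco IOS `switchport port-security` syntax rather than the "port secure" command named in the message, and the interface names and MAC address are constructed.

```cisco
! Added example, not from the original thread. Interface names and the
! MAC address are constructed; syntax is Cisco IOS "switchport port-security".

! Port that learns the attached host's MAC address and locks it in.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 ! shutdown: on a violation the port goes err-disabled. Without the
 ! errdisable recovery lines below it stays down until an administrator
 ! re-enables it ("shutdown" followed by "no shutdown").
 switchport port-security violation shutdown

! Port with a statically configured MAC address instead of a learned one.
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
 ! restrict: frames from any other source MAC are dropped, the violation
 ! counter is incremented and a log message is generated; the port stays up.
 switchport port-security violation restrict

! Optional, global: re-enable err-disabled ports automatically after
! 300 seconds, which turns "shutdown" into a temporary suspension.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

`show port-security interface FastEthernet0/1` reports the violation mode, the secured addresses and the violation count. The feature checks the source MAC address of each frame arriving on the port, so test it against the ARP spoofing case from the question before relying on it.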
Current thread:
- Config cisco switches against arpspoofing Vs Metal (May 16)
- Re: Config cisco switches against arpspoofing Max (May 17)