I've been reading about this whole 'arp poisoning’ thing. The only materials that I’ve seen are all offensive (as apposed to defensive papers)-> would any one happen to know of some info. That I can find on this subject. How to protect against it; How to detect it, et cetera…
At the end it has some suggestions for protecting yourself against ARP poisoning. Its not the best, but it is a start.
June 20th, 2003, 06:43 PM
I've managed to spoof the Switch with a false MAC address.
I 've changed my MAC addresst (my terminal computer) to the default Gateway computer (win 2k server ). In the bridge table it show one MAC address in 2 port (the port to my box and to the server box). And other client sometime suffer from accessing the default-gateway.
However. when i changed the IP of my box to the server IP, it states a IP confict and the IP turns to 0.0.0.0 (phew, luckily). I thought .... if some one manage to successfully change the IP, it would be messy for whole the network.
June 21st, 2003, 08:01 AM
I think some newer switches actually incorporate 'port security' or something similarly named, which allows the switch to be set so that it can detect attempts to use ARP to change the IP on a particular physical port.
June 21st, 2003, 10:23 AM
ARP is evil!
Lots of new switches incorporate security measures.
Thanks to CXGJarrod for the great link
June 21st, 2003, 05:24 PM
I've checked .
A Cisco Catalyst 2950, 1 MAC address are binded into 2 ports (one legal and one illegal).
All the inside potential hacker have to do is to spoof the default gateway IP address. Don't tell me to asign priviliged level to all users, coz my policy is ..., ya know, i'm not the one who decide.