Results 1 to 6 of 6

Thread: ARP Poison?

  1. #1
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    ARP Poison?

    Hey all,

    I've been reading about this whole 'arp poisoning’ thing. The only materials that I’ve seen are all offensive (as apposed to defensive papers)-> would any one happen to know of some info. That I can find on this subject. How to protect against it; How to detect it, et cetera…

    Thank You.
    TampaBay
    yeah, I\'m gonna need that by friday...

  2. #2
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Tampabay: Check out this paper

    http://www.arp-sk.org/doc/arp-sk-lsm2002.pdf

    At the end it has some suggestions for protecting yourself against ARP poisoning. Its not the best, but it is a start.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  3. #3
    I've managed to spoof the Switch with a false MAC address.

    I 've changed my MAC addresst (my terminal computer) to the default Gateway computer (win 2k server ). In the bridge table it show one MAC address in 2 port (the port to my box and to the server box). And other client sometime suffer from accessing the default-gateway.

    However. when i changed the IP of my box to the server IP, it states a IP confict and the IP turns to 0.0.0.0 (phew, luckily). I thought .... if some one manage to successfully change the IP, it would be messy for whole the network.
    Let\'s go to Paramount Great America !!!! LFC (LookingForChick)

  4. #4
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    I think some newer switches actually incorporate 'port security' or something similarly named, which allows the switch to be set so that it can detect attempts to use ARP to change the IP on a particular physical port.
    [HvC]Terr: L33T Technical Proficiency

  5. #5
    Junior Member
    Join Date
    May 2003
    Posts
    13
    ARP is evil!

    Lots of new switches incorporate security measures.

    Check out:

    CXGJarrod's post.

    Thanks to CXGJarrod for the great link

    As always;
    Thats my two cents worth so...
    Cheerio.
    iRoute.net
    PacketStorm

  6. #6
    I've checked .

    A Cisco Catalyst 2950, 1 MAC address are binded into 2 ports (one legal and one illegal).

    All the inside potential hacker have to do is to spoof the default gateway IP address. Don't tell me to asign priviliged level to all users, coz my policy is ..., ya know, i'm not the one who decide.
    Let\'s go to Paramount Great America !!!! LFC (LookingForChick)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •