Security Basics mailing list archives
RE: Arpwatch
From: "J. Oquendo" <segment () antioffline com>
Date: Wed, 10 Sep 2003 23:19:20 -0400
From the secfocus write up... Arpwatch monitors ethernet activity and keeps a database of ethernet/ip address pairings. It also reports certain changes via email.

This should have been self-explanatory enough. If you were unsure what it was and what it does, then why would you bother downloading and installing it? Now I don't mean to rattle you up, nor flame, nor cause commotion, but at times I become curious to know why some use things without knowing what it does. Wouldn't it have made more sense to you to find out what it was you needed to do, then look for something useful based on that information?

Think about this for a quick second. I notice that many are quick to rush into downloading something to use never taking the time to understand the background of it all. Now suppose you saw something that said arpkeep. Would you quickly rush to download gcc the file without fully understanding what it does? Suppose it was a backdoor?

Oh well my rant for the month sorry if I offended anyone but sometimes it's always good to see a reminder and considering this is technically a security list, I thought it would be appropriate to edumacate some who were new on the list or the scene like moi.

---------------------------------------------------
I have recently installed arpwatch on one of our servers. I understood arpwatch "learns" arp replies, but since arp replies are destined to a specific MAC and this is a switched network, how can arpwatch see all arp replies?
---------------------------------------------------

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
exec `echo ajbqghuf|rot13|sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'`
Jesus Oquendo
sil @ disgraced . org
sil @ antioffline . com
PGP Fingerprint 39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0

"You're free. And freedom is beautiful. And, you know, it'll take time to restore chaos and order, order out of chaos. But we will."
George W. Bush
Washington, D.C., April 13, 2003