Security Basics mailing list archives
Re: arpwatch
From: Mikkel Christensen <mike () unifix org>
Date: Thu, 11 Sep 2003 15:32:23 +0200
Arp requests are broadcasted, your tcpip stack is shouting out (Who has ip x.x.x.x) and the other end shouts back (i have and i am xx:xx:xx:xx:xx:xx) these informations are by defination broadcasted. I gues its to allow other hosts to lisent for the arp packets and buffer them to faster lookup IP's. mike On Wed, 10 Sep 2003 09:33:00 -0800 "zidan" <zidan00 () fastmail fm> wrote:
hello, I have recently installed arpwatch on one of our servers. I understood arpwatch "learns" arp replies, but since arp replies are destined to a specific MAC and this is a switched network, how can arpwatch see all arp replies ? -Z -- zidan zidan00 () fastmail fm -- http://www.fastmail.fm - Sent 0.000002 seconds ago --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
-- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- arpwatch zidan (Sep 10)
- Re: arpwatch Tomas Wolf (Sep 11)
- Re: arpwatch John T. Hollyoak (Sep 11)
- RE: arpwatch ted koenig (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 12)
- Re: arpwatch John T. Hollyoak (Sep 11)
- Re: arpwatch Tomas Wolf (Sep 11)
- Re: arpwatch Gunter Luyten (Sep 11)
- Re: arpwatch Gunter Luyten (Sep 11)
- RE: arpwatch Zachary Mutrux (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: Logical access controle to network segments and boxes Tim Syratt (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 11)
- <Possible follow-ups>
- RE: Arpwatch J. Oquendo (Sep 11)
- RE: Arpwatch zidan (Sep 11)
- Re: arpwatch zidan (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Kim Oppalfens (Sep 12)
- Re: arpwatch B. McAninch (Sep 15)
- RE: arpwatch zidan (Sep 15)
- RE: arpwatch David Gillett (Sep 15)