Security Basics mailing list archives
Re: sniffing in a switched network - a presentation on ARP spoofing
From: Brad DeShong <brad () deshong net>
Date: Wed, 06 Jul 2005 22:44:07 -0500
Manu Garg wrote:
Another tool, Arp* (pronounced arpstar) implements arp poisoning detection and prevention as a linux kernel module. A windows port is in the works...Greetings everyone, Since some of you really liked the presentation, I would like to mention it's french translation done by Jerome Athias. You can find it here: http://wired.s6n.com/files/jathias/arp_spoofing_in_switched_lans_FR.pdf Other updates: http://manugarg.blogspot.com/2005/06/update.html cheers, ~manu On 7/1/05, Nikolai Alexandrov <voyager123bg () gmail com> wrote:Good one. ARP spoofing is greater security risk in my opinion than ARP poisoning. ARP poisoning is a litttle bit too noisy, and that makes it a little less of a concern (yet it shouldn't be underestimated. I've seen switches, with overflowed arp tables working like hubs...). ARP spoofing, on the other hand, could be a big problem, mainly in end-point switches (non-manageble, dumb switches). Especialy when combined with something to leave the TTL untouched by the forwarding machine(attacker)... It could be done in a way that is very, very, hard to find. Shane Singh wrote:And a whitepaper on how to detect ARP spoofing. http://www.foundstone.com/resources/perspectives/AskTheExpert-200406.pdf
http://arpstar.sourceforge.net -Brad DeShong West Annex Security
Current thread:
- Re: sniffing in a switched network - a presentation on ARP spoofing Nikolai Alexandrov (Jul 04)
- Re: sniffing in a switched network - a presentation on ARP spoofing Manu Garg (Jul 05)
- Re: sniffing in a switched network - a presentation on ARP spoofing Brad DeShong (Jul 11)
- Re: sniffing in a switched network - a presentation on ARP spoofing Manu Garg (Jul 05)