Re: sniffing in a switched network - a presentation on ARP spoofing

[Brad DeShong <brad () deshong net>]

Manu Garg wrote:

> Greetings everyone,
>
> Since some of you really liked the presentation, I would like to
> mention it's french translation done by Jerome Athias. You can find it
> here:
>
> http://wired.s6n.com/files/jathias/arp_spoofing_in_switched_lans_FR.pdf
>
> Other updates:
> http://manugarg.blogspot.com/2005/06/update.html
>
> cheers,
> ~manu
>
> On 7/1/05, Nikolai Alexandrov <voyager123bg () gmail com> wrote:
>  
>
> > Good one. ARP spoofing is greater security risk in my opinion than ARP
> > poisoning. ARP poisoning is a litttle bit too noisy, and that makes it a
> > little less of a concern (yet it shouldn't be underestimated. I've seen
> > switches, with overflowed arp tables working like hubs...). ARP
> > spoofing, on the other hand, could be a big problem, mainly in end-point
> > switches (non-manageble, dumb switches). Especialy when combined with
> > something to leave the TTL untouched by the forwarding
> > machine(attacker)... It could be done in a way that is very, very, hard
> > to find.
> >
> > Shane Singh wrote:
> >
> >    
> >
> > > And a whitepaper on how to detect ARP spoofing.
> > >
> > > http://www.foundstone.com/resources/perspectives/AskTheExpert-200406.pdf
> > >
> > >
> > >
> > >      
>
>
>  
Another tool, Arp* (pronounced arpstar) implements arp poisoning 
detection and prevention as a linux kernel module.  A windows port is in 
the works...

http://arpstar.sourceforge.net

-Brad DeShong
West Annex Security