Security Incidents mailing list archives
Re: against illegal arp update
From: "Greg A. Woods" <woods () weird com>
Date: Tue, 11 Mar 2003 18:26:19 -0500 (EST)
[ On , March 11, 2003 at 10:19:24 (+0100), Cedric Blancher wrote: ]
> Subject: Re: against illegal arp update
>
> Arpwatch is a tool that monitors ethernet traffic in order to detect MAC/IP couples and spot changes. In a switched environment, this can only be done on ethernet broadcast stuff.

s/switched/bridged/ -- switches are just multi-port bridges. :-)

Also, for any SNMP-managed switch or bridge it's possible to monitor all MAC/IP assignments on any connected networks using something like arpsnmp, which is part of the ARPwatch package distributed by LBL.

ftp://ftp.ee.lbl.gov/arpwatch.tar.gz

-- 
Greg A. Woods

+1 416 218-0098; <g.a.woods () ieee org>; <woods () robohack ca>
Planix, Inc. <woods () planix com>; VE3TCP; Secrets of the Weird <woods () weird com>
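
The MAC/IP pairing check discussed in the message above, written as an added example (it is not part of the original post and is not Arpwatch's own code). The record layout, function names and sample values are assumptions constructed for illustration; the event labels are borrowed from arpwatch's report names, and the records could equally come from sniffed broadcasts or from SNMP polls of a bridge.

```python
# Added example: arpwatch-style tracking of IP-to-MAC pairings.
# Record layout (MAC, IP, epoch seconds) and all sample values are constructed.

def normalize_mac(mac):
    """Canonicalize 0:a0:c9:1:2:3 or 00-A0-C9-01-02-03 to 00:a0:c9:01:02:03."""
    parts = mac.replace("-", ":").lower().split(":")
    if len(parts) != 6:
        raise ValueError("not an Ethernet address: %r" % mac)
    return ":".join("%02x" % int(p, 16) for p in parts)

def detect_changes(records):
    """Return (timestamp, event, ip, old_mac, new_mac) for every pairing change."""
    current = {}    # ip -> MAC currently bound to it
    previous = {}   # ip -> MAC it was bound to before the last change
    events = []
    for mac, ip, ts in sorted(records, key=lambda r: r[2]):
        mac = normalize_mac(mac)
        old = current.get(ip)
        if old == mac:
            continue                      # pairing unchanged, nothing to report
        if old is None:
            kind = "new station"
        elif previous.get(ip) == mac:
            # The IP went back to the address it had just before the last
            # change: two stations are answering for the same IP.
            kind = "flip flop"
        else:
            kind = "changed ethernet address"
        events.append((ts, kind, ip, old, mac))
        previous[ip] = old
        current[ip] = mac
    return events

# Constructed observations; 192.0.2.0/24 is a documentation range.
SAMPLE = [
    ("0:a0:c9:1:2:3",     "192.0.2.1", 1047400000),
    ("00:A0:C9:01:02:03", "192.0.2.1", 1047400060),  # same MAC, other notation
    ("00:10:5a:aa:bb:cc", "192.0.2.1", 1047400120),
    ("00:a0:c9:01:02:03", "192.0.2.1", 1047400180),
    ("00-60-08-11-22-33", "192.0.2.7", 1047400240),
]

if __name__ == "__main__":
    for ts, kind, ip, old, new in detect_changes(SAMPLE):
        print("%d %-24s %s %s -> %s" % (ts, kind, ip, old or "-", new))
```
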
Current thread:
- against illegal arp update SB CH (Mar 10)
- Re: against illegal arp update Cedric Blancher (Mar 11)
- Re: against illegal arp update Greg A. Woods (Mar 12)