Security Incidents mailing list archives

Re: A bit strange ARP queries


From: "Eygene A. Ryabinkin" <rea () rea mbslab kiae ru>
Date: Thu, 22 Dec 2005 12:29:22 +0300

Where is this happening? LAN?
 Yes, it is LAN.

The IP who is requesting the ARPs is known by you?
 Yes, it is one of the clients of that LAN.

What can be happening is a machine that is trying to flood the MAC table
of the local switch and making the switch work like a hub; then the
attacker can sniff the network and get the information that they want.

 Maybe, but I am concerned with the presence of target MAC in the who-has
packets.
-- 
 rea

BOFH excuse #177:
sticktion
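
An added example, not part of the original message: a small Python check that parses raw Ethernet/IPv4 ARP requests and flags the anomaly raised in this reply, a who-has packet that already carries a target MAC. It assumes an ordinary who-has leaves that field zeroed; the function names, MAC addresses and IP addresses are constructed for illustration.

```python
import socket
import struct

ZERO_MAC = bytes(6)
BROADCAST = b"\xff" * 6

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def inspect_arp_request(frame):
    """Describe an Ethernet/IPv4 ARP request; return None for anything else."""
    if len(frame) < 42:
        return None
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 1):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    findings = []
    if tha != ZERO_MAC:  # assumption: an ordinary who-has leaves this field zeroed
        findings.append("target MAC present: " + fmt_mac(tha))
    if eth_dst != BROADCAST:
        findings.append("Ethernet destination is not broadcast")
    if sha != eth_src:
        findings.append("ARP sender MAC differs from Ethernet source")
    return {"sender_ip": socket.inet_ntoa(spa), "target_ip": socket.inet_ntoa(tpa),
            "sender_mac": fmt_mac(sha), "findings": findings}

def build_request(eth_dst, eth_src, sha, spa, tha, tpa):
    """Build a constructed test frame (no capture data is used here)."""
    return (eth_dst + eth_src + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 1)
            + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa))

# Constructed sample frames: locally administered MACs, documentation IP range.
CLIENT = bytes.fromhex("020000000001")
PEER = bytes.fromhex("020000000002")
NORMAL = build_request(BROADCAST, CLIENT, CLIENT, "192.0.2.10", ZERO_MAC, "192.0.2.20")
ODD = build_request(BROADCAST, CLIENT, CLIENT, "192.0.2.10", PEER, "192.0.2.20")

if __name__ == "__main__":
    for name, frame in (("normal", NORMAL), ("odd", ODD)):
        print(name, inspect_arp_request(frame))
```

Counting the flagged requests per sender MAC over a capture shows whether a single client is the source, as described in this thread.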