ARP spoofing, or ARP poisoning, is a problem on most networks and can be difficult to mitigate, short of having switches with ARP security or Dynamic ARP Inspection.
Also, having an attacker (or a clueless user) deploy a DHCP server on your network can be devastating. DHCP Snooping on Cisco Catalyst switches can help against that.
Arpwatch is a free (open source - BSD licensed) tool that monitors Ethernet ARP activity using pcap(3), keeps a database of Ethernet/IP address pairings, and reports changes via email.
Arpwatch runs on all major UNIX (Solaris, OpenServer, Unixware) and UNIX-like platforms (BSDs, Linux and such).
You can download the current version from:
ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
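The pairing database described above can be sketched in a few lines. This is an added example, not arpwatch's own code: the `PairingDB` class, its methods, and the sample observations (documentation-range addresses) are constructed for illustration, the event labels follow the report names in the arpwatch man page, and the decision logic is a simplified assumption.

```python
# Added illustration: arpwatch-style tracking of IP-to-MAC pairings.
# Simplified logic; not taken from the arpwatch source.

class PairingDB:
    def __init__(self):
        # ip -> up to two MACs seen for it, most recent last
        self.table = {}

    def observe(self, ip, mac):
        """Record one ARP observation; return an event label or None."""
        mac = mac.lower()
        history = self.table.get(ip)
        if history is None:
            self.table[ip] = [mac]
            return "new station"
        if history[-1] == mac:
            return None  # pairing unchanged, nothing to report
        # Reverting to the previously seen MAC is a "flip flop":
        # two hosts are answering for the same IP.
        flip = len(history) == 2 and history[0] == mac
        self.table[ip] = [history[-1], mac]
        return "flip flop" if flip else "changed ethernet address"

    def macs_claiming_multiple_ips(self):
        """MACs that currently own more than one IP (worth a closer look)."""
        owners = {}
        for ip, history in self.table.items():
            owners.setdefault(history[-1], set()).add(ip)
        return {m: sorted(ips) for m, ips in owners.items() if len(ips) > 1}

# Constructed sample observations (ip, mac), in arrival order.
SAMPLE = [
    ("192.0.2.1", "00:00:5e:00:53:01"),   # gateway
    ("192.0.2.50", "00:00:5e:00:53:aa"),  # workstation
    ("192.0.2.1", "00:00:5e:00:53:01"),   # unchanged
    ("192.0.2.1", "00:00:5e:00:53:aa"),   # gateway IP claimed by workstation MAC
    ("192.0.2.1", "00:00:5e:00:53:01"),   # real gateway answers again
]

def run(observations):
    db, events = PairingDB(), []
    for ip, mac in observations:
        event = db.observe(ip, mac)
        if event:
            events.append((event, ip, mac.lower()))
    return db, events

if __name__ == "__main__":
    for event in run(SAMPLE)[1]:
        print(event)
```

A "changed ethernet address" followed shortly by a "flip flop" on the gateway's IP is the pattern to alert on; a single change on its own is also what a replaced NIC looks like.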
Sunday, October 28, 2007
Detecting ARP spoofing with Arpwatch.
Posted by cmihai at 3:31 PM
Labels: Cisco, Networking, Open Source, Security