Re: ARP Poisoning
- From: Dan Lukes <dan@xxxxxxxxx>
- Date: Sat, 12 Apr 2008 03:19:31 +0200
budsz napsal/wrote, On 04/12/08 01:58:
I got movement ARP entry to other MAC ADDR
on the same IP ADDR. Everyone know what happen is? Is that ARP
Poisoning.
Not necessary. It may be misconfigured computer (configured statically to use an address assigned to another computer). Or there may be an unauthorized DHCP server - for example misconfigured Windows with two or more NICs may run one causing the IP conflicts. Yes, it may be intentional attack also.
How to resolve ? You need to found the source of problem and disconnect it. If it is misconfiguration, you may identify the computer via MAC. If it is attack and your LAN is not so large, you may try to disconnect parts of them - when problem disappear you know the segment of the computer you are searching for.
If your LAN isn't small you need to consult your switches from where the attacker MAC come. You can't build reliable large LAN with dumb switches, so I'm sure you have smart switches on your LAN.
But it seems to me your question has nothing to do with FreeBSD with the exception that there is one computer with FreeBSD connected to problematic LAN.
Dan
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- ARP Poisoning
- From: budsz
- ARP Poisoning
- Prev by Date: ARP Poisoning
- Next by Date: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- Previous by thread: ARP Poisoning
- Next by thread: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
- Index(es):
Relevant Pages
|
|
