Re: Config cisco switches against arpspoofing

From: Max (max@neuropunks.org)
Date: 05/16/02


Date: Thu, 16 May 2002 15:58:51 -0400 (EDT)
From: Max <max@neuropunks.org>
To: Vs Metal <vserpoul@isep.fr>

Cisco switches support MAC address locking, meaning that a given port on a
switch won't let traffic through unless the source MAC address is the one it
knows.
This is similar in function to UNIX's /etc/ethers, I suppose.
At the interface config option, issue the "port secure" command; then you can
either let the switch learn MACs and lock them in, or you can do static
MAC-IP mapping. If the switch sees traffic that doesn't belong on a specific
port, it will either
1. suspend the port for some time
2. disable the port till you re-enable it
3. do nothing but log the bogus traffic
Your choice.
I don't remember how to do all of it off the top of my head, so look on
Cisco's site for docs.

Max

On 15 May 2002, Vs Metal wrote:

> Date: 15 May 2002 15:30:04 -0000
> From: Vs Metal <vserpoul@isep.fr>
> To: pen-test@securityfocus.com
> Subject: Config cisco switches against arpspoofing
>
> I wanna know if there is a definite LAYER 2 (switch)
> configuration to disable this attack (root@linux #
> arpspoof -t...). I heard about private VLANs, but this
> solution doesn't really suit customers' demand. Does anyone
> know another way to disable it?
>
> thx a lot
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
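An added configuration example (not from Max's message or from Cisco's documentation) showing the three violation behaviours he lists on a Cisco IOS switch, where the feature is `switchport port-security` rather than the older "port secure" form; the interface names and the MAC address are assumed values.

```cisco
! Added example, not from the original post. Interface names and the
! static MAC below are assumed values.
!
! Port 1: learn the first MAC seen and lock it in ("sticky"); a frame from
! any other source MAC err-disables the port until an admin clears it with
! "shutdown" / "no shutdown" (behaviour 2: disable until re-enabled).
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! Port 2: statically bind one MAC (assumed value) instead of learning it;
! unknown-MAC frames are dropped, the port stays up, and each violation is
! counted and logged / sent as an SNMP trap (behaviour 3: only log it).
! ("violation protect" would drop silently, with no log at all.)
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.1111.2222
 switchport port-security violation restrict
!
! Behaviour 1 (suspend the port for some time) is the "shutdown" mode plus
! this global recovery timer: err-disabled ports are re-enabled after
! 300 seconds instead of waiting for an admin. It applies to every port
! whose violation mode is shutdown, so it is a switch-wide choice.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verify: violation counters, current mode and the last offending MAC.
! show port-security interface FastEthernet0/1
! show port-security address
```

Port security matches each frame's source MAC to the port; it does not check the sender fields inside ARP replies, so a locked host can still emit forged ARP from its own MAC. On switches that support it, Dynamic ARP Inspection (`ip arp inspection vlan`) is the feature that validates those IP-to-MAC bindings.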
