RE: Arpwatch

From: J. Oquendo (segment_at_antioffline.com)
Date: 09/11/03

    Date: Wed, 10 Sep 2003 23:19:20 -0400
    To: security-basics@securityfocus.com
    
    

    From the secfocus write up... Arpwatch monitors ethernet activity
    and keeps a database of ethernet/ip address pairings. It also
    reports certain changes via email.

    This should have been self explanatory enough.

    If you were unsure what it was and what it does, then why
    would you bother downloading and installing it? Now I don't
    mean to rattle you up, nor flame, nor cause commotion, but
    at times I become curious to know why some use things
    without knowing what it does. Wouldn't it have made more
    sense to you to find out what it was you needed to do,
    then look for something useful based on that information?

    Think about this for a quick second. I notice that many
    are quick to rush into downloading something to use never
    taking the time to understand the background of it all.
    Now suppose you saw something that said arpkeep. Would
    you quickly rush to download gcc the file without fully
    understanding what it does? Suppose it was a backdoor?

    Oh well, my rant for the month; sorry if I offended anyone,
    but sometimes it's always good to see a reminder and
    considering this is technically a security list, I
    thought it would be appropriate to edumacate some who
    were new on the list or the scene like moi.

    ---------------------------------------------------
    I have recently installed arpwatch on one of our servers. I understood
    arpwatch "learns" arp replies, but since arp replies are destined to a
    specific MAC and this is a switched network, how can arpwatch see all
    arp replies?
    ---------------------------------------------------

    +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
    exec `echo ajbqghuf|rot13|sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'`

    Jesus Oquendo
    sil @ disgraced . org
    sil @ antioffline . com

    PGP Fingerprint
    39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0

    "You're free. And freedom is beautiful. And, you know,
    it'll take time to restore chaos and order, order out
    of chaos. But we will." George W. Bush Washington,
    D.C., April 13, 2003
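
The behaviour quoted from the write-up above (a database of ethernet/ip address pairings, with reports on certain changes), as an added Python example that is not arpwatch's own code and not part of the original message. The frames are constructed sample data, the function and class names are hypothetical, and the report labels are modelled on the names arpwatch uses in its reports.

```python
import struct

def build_arp(op, sha, spa, tha, tpa):
    # Helper for the constructed sample data: 42-byte Ethernet/IPv4 ARP frame.
    eth = b"\xff" * 6 + sha + b"\x08\x06"            # broadcast dst, EtherType ARP
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return mac, ip

class PairingDB:
    """ethernet/ip pairing table; observe() returns a report label or None."""
    def __init__(self):
        self.current = {}     # ip -> mac most recently seen
        self.previous = {}    # ip -> mac seen before the last change
    def observe(self, mac, ip):
        known = self.current.get(ip)
        if known == mac:
            return None                      # pairing unchanged, nothing to report
        if known is None:
            event = "new station"
        elif self.previous.get(ip) == mac:
            event = "flip flop"              # back to the second-most-recent address
        else:
            event = "changed ethernet address"
        self.previous[ip] = known
        self.current[ip] = mac
        return event

def reports_for(frames):
    """Feed frames through the table; return the (event, ip, mac) reports raised."""
    db, out = PairingDB(), []
    for frame in frames:
        pair = parse_arp(frame)
        if pair and (event := db.observe(*pair)):
            out.append((event, pair[1], pair[0]))
    return out

# Constructed sample traffic (documentation address 192.0.2.10, made-up MACs).
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP, GW, ZERO = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), b"\x00" * 6
SAMPLE = [build_arp(1, m, IP, ZERO, GW) for m in (MAC_A, MAC_A, MAC_B, MAC_A)]
SAMPLE.append(b"\x00" * 60)                  # non-ARP frame, ignored
```

`reports_for(SAMPLE)` yields three reports for the one IP address: the first sighting, the move to a second MAC, and the return to the first MAC.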
