Re: Arp poisoning: is there a way out?

From: Oliver (oliver@greyhat.de)
Date: 03/18/03


From: oliver@greyhat.de (Oliver)
Date: 18 Mar 2003 00:46:01 -0800

Hi...

To protect against ARP spoofing/poisoning attacks, you have to use a
capable switch which has to be properly configured:

- disable inactive ports on the switch -> prevents a hacker plugging his
laptop into your corporate network

- activate port security -> close ports if the mac-address changes

- set ip based access lists -> prevents "finding" mac/IP-address
combinations on ports where they can't appear

You have to make use of all the settings to prevent ARP spoofing.

bye,

Oliver
www.greyhat.de

Mik <james@james.com> wrote in message news:<5igq5v0634nd9n8o6pjcjrc8t54d8nh97u@4ax.com>...
> Hi, I'm new to this newsgroup and maybe such a question has been posted
> already. (If there is a FAQ link, please let me know.)
> In my LAN someone is using some sniffer that poisons the ARP cache. I
> tried to get around this by trying to set (in my win2k) a static mac
> address that points to the real router's mac addr. Unfortunately the
> command:
>
> arp -s <router's ip> <router's mac>
>
> does NOT work. In fact when the sniffer makes an arp poison refresh,
> the mac address gets poisoned again.
> (At the moment the only way out is to launch a batch file that executes
> the above command continuously).
> I wondered if you know some other way (a program maybe or something)
> to stop arp poisoning.
> Thanks
> Mike
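
Added example, not part of either post: a host-side check for the situation described in the question, where the router's ARP entry keeps getting replaced. It parses `arp -a` output (the Windows column layout is assumed), compares the gateway entry against a pinned MAC, and lists any MAC that claims more than one IP, which can be legitimate on multi-homed hosts but is worth investigating. All addresses, the sample table and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One entry line of Windows `arp -a` output: IP, dash-separated MAC, type.
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                   r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$")

def norm(mac):
    """Lowercase, colon-separated MAC."""
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Return {ip: (mac, type)} from `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            table[m.group(1)] = (norm(m.group(2)), m.group(3).lower())
    return table

def check(table, gateway_ip, pinned_mac):
    """List findings: gateway MAC drift, non-static entry, shared MACs."""
    findings = []
    mac, kind = table.get(gateway_ip, (None, None))
    if mac is None:
        findings.append(f"no ARP entry for gateway {gateway_ip}")
    elif mac != norm(pinned_mac):
        findings.append(f"gateway {gateway_ip} is at {mac}, expected {norm(pinned_mac)}")
    if kind is not None and kind != "static":
        findings.append(f"gateway entry is {kind}, not static")
    by_mac = defaultdict(list)
    for ip, (m, _) in table.items():
        by_mac[m].append(ip)
    for m, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{m} claims several IPs: {', '.join(sorted(ips))}")
    return findings

# Constructed sample (not from the thread): the gateway entry now carries
# the same MAC as host 192.168.1.66.
SAMPLE = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-cc     dynamic
  192.168.1.20          00-50-56-11-22-33     dynamic
  192.168.1.66          00-0c-29-aa-bb-cc     dynamic
"""

if __name__ == "__main__":
    print("\n".join(check(parse_arp(SAMPLE), "192.168.1.1", "00-11-22-33-44-55")))
```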