Re: Defending ARP Spoofing

From: Sebastian Gottschalk <seppi@xxxxxxxxx>
Date: Sat, 18 Feb 2006 20:45:49 +0100

Chris wrote:

Sebastian Gottschalk wrote:

Juergen P. Meier wrote:

The very best defense against ARP spoofing is to make sure your
network design and security concept does not rely on MAC addresses for
any of the following: Authentication, Authorisation, Identification.

What is about Denial of Service? In the sense of not being able to simply
flood the network, but razor-sharp ARP cache deconstruction.

This is a good point and explains why I started this discussion. I am
aware that you can design your network more securely, but if this is not
the case and you are simple a user of this network, what can you do?

As a simple user, it's your job to ask the administrator. :-)

As an administrator, you can either make the entire ARP table static
(and not allowing any dymanically created entries) on a static network
or you can try to limit the effects by carefully structuring your
network, including the usage of IEEE 802.X for authorization and to
track down potential disturbers to a network segment.
.

Follow-Ups:
- Re: Defending ARP Spoofing
  - From: Volker Birk

Prev by Date: Re: Removing Norton
Next by Date: Re: Defending ARP Spoofing
Previous by thread: Re: Removing Norton
Next by thread: Re: Defending ARP Spoofing
Index(es):
- Date
- Thread

Relevant Pages

Re: The structure of a self-conscious mind
... network design. ... It's a pulse sorting network where each node has one input, ... it makes a simple binary decision about which output path to ...
(comp.ai.philosophy)
Re: Mitel IP Trunking on the 3300
... Even in as complex of a network design ... them at least as reliable as the rest of your network hardware. ... >control is based on the signaling path, ... >have plenty of bandwidth or allowing calls to sites that don't have ...
(comp.dcom.telecom.tech)
Re: LAN Drawing
... > specifically for LAN (local area network) diagrams? ... > Paraben's LAN Charter but was wondering what else might be available. ... > symbols for routers, hubs, switches, etc.. ... I did my last network design, but I used Visio exclusively, and everyone ...
(sci.electronics.cad)
Re: Defending ARP Spoofing
... >>The very best defense against ARP spoofing is to make sure your ... >>network design and security concept does not rely on MAC addresses for ... > flood the network, ...
(comp.security.misc)
Re: Defending ARP Spoofing
... on a static network ... network, including the usage of IEEE 802.X for authorization and to ... with Microsoft Windows static ARP entries are overwritten ...
(comp.security.misc)