[c-nsp] ARP/MAC spoofing protection from a bad nic
Jeff Kell
jeff-kell at utc.edu
Fri Jan 5 21:49:54 EST 2007
Joseph Jackson wrote:
> Earlier today we had what seems to be a NIC in a server go
> bad and started answering with its mac address for every IP within its
> subnet. Of course this caused a massive LAN meltdown which wasn't all
> that fun.
Sounds more like ettercap (hacking tool) to me.
afsheenb at gravityplaysfavorites.net wrote:
> That being said, you'll probably want to implement port security.
Won't help this case -- that limits the port to one source MAC address,
which is what it is doing (but spoofing the source IP).
Jeff
More information about the cisco-nsp
mailing list