[c-nsp] ARP/MAC spoofing protection from a bad nic
Kevin Graham
mahargk at gmail.com
Fri Jan 5 22:19:52 EST 2007
On 1/5/07, Jeff Kell <jeff-kell at utc.edu> wrote:
> Sounds more like ettercap (hacking tool) to me.
Much agreed; almost certainly the only thing bad about this NIC is the
compromised machine its in.
> afsheenb at gravityplaysfavorites.net wrote:
> > That being said, you'll probably want to implement port security.
>
> Won't help this case -- that limits the port to one source MAC address,
> which is what it is doing (but spoofing the source IP).
...which is where Dynamic ARP Inspection comes in:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/dynarp.htm
More information about the cisco-nsp
mailing list