[c-nsp] against arp spoofing
Levent Ogut
levent.ogut at gmail.com
Sat May 28 07:28:19 EDT 2005
You may also implement private-vlans (cisco term)
Detaily explained in rfc3069
Basically you create sub vlans which share a vlan (ip subnet) ,
you can create smaller broadcast domains in this shared vlan.
On 5/28/05, Monty Ree <montyree2 at yahoo.com> wrote:
> Hello, all.
>
> I'm a begineer of the list and network.
> I have read some articles that attacker can do sniffing in spite of switch environment, or do Dos using arp spoofing.(some weeks ago, an attacker sent spoofed mac address to broadcast , so all network was down.)
>
> So I would like to set static arp like below at my router or L3 switch.
>
> config)#arp 1.1.1.1 aaaa:aaaa:aaaa
>
> But I have about 800 machines, if when I set all 800 arps like above, router requires more memory or not..? Is it a bad idea?
> What do you do against arp spoofing? port security?
>
>
> Thanks in advance.
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list