[c-nsp] against arp spoofing

Network Fortius netfortius at gmail.com
Sat May 28 15:41:57 EDT 2005


Not that it addresses your request, per se, but I have sniffers placed in strategic locations (spanned ports in various locations, taps, etc.), and I am using simple email to my account, from a couple of the tools from here: http://tinyurl.com/8bjtl (at first, just arpwatch, which was still enough). I treat abusers (breaking the ARP poisoning rules) as strongly as abusing Internet communication, in my users' environment: two strikes (I always consider the first along the lines of "user did not know what he was doing ..."), and you're out of my network.

Stef

On May 28, 2005, at 2:05 PM, Gert Doering wrote:

> Hi,
>
> On Sat, May 28, 2005 at 08:54:38PM +0200, Gert Doering wrote:
>
>> There are some features in the newer Cisco switches that can achieve
>> this (by snooping DHCP packets, and permitting only IPs and MACs that
>> are "permitted by DHCP"), but that's something on top of pVLANs - not
>> something they bring in by default, and not something that helps you
>> much if you don't use DHCP for IP assignment.
>>
>
> Well, for the sake of completeness.  The feature is called
> "ip source guard", and is available on switchports (not routed-ports)
> on about all recent catalyst platforms.
>
> It works by snooping DHCP, or by pre-assigning static MAC <-> IP bindings
> (which is a lot of work and needs to be updated every time a customer
> changes his machine, network card, whatever).
>
> We'll stick to "one VLAN per customer".
>
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                            // www.muc.de/~gert/
> Gert Doering - Munich, Germany                             gert at greenie.muc.de
> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
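Both the arpwatch-style monitoring Stef describes and the "ip source guard" binding check Gert describes come down to the same operation: compare the sender fields of each ARP frame against a table of known IP-to-MAC bindings. The following Python is an added example, not code from either poster, from arpwatch, or from Cisco. It parses raw Ethernet/ARP frames, keeps a binding table learned from DHCP (or configured statically) as the permitted set, returns a drop verdict for senders whose pair is absent or conflicts (the source-guard behaviour), and separately records an arpwatch-style "flip flop" alert when an IP's MAC changes between frames (the monitoring behaviour). Every frame, MAC address, IP address and DHCP lease in it is constructed for the demo; `BindingGuard`, `parse_arp_frame` and `build_arp_frame` are names chosen here.

```python
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass(frozen=True)
class ArpEvent:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_ip: str


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp_frame(frame: bytes) -> Optional[ArpEvent]:
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return ArpEvent(opcode, _mac(sha), _ip(spa), _ip(tpa))


def build_arp_frame(opcode: int, sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Assemble a raw ARP frame; only used here to construct sample traffic."""
    mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))
    return eth + arp


class BindingGuard:
    """Permitted bindings (DHCP-snooped or static) decide the verdict, as IP source
    guard does; the last-seen table raises arpwatch-style change alerts."""

    def __init__(self):
        self.permitted = {}   # ip -> mac learned from DHCP or configured statically
        self.last_seen = {}   # ip -> mac most recently seen in ARP (arpwatch table)
        self.alerts = []

    def learn_binding(self, ip: str, mac: str) -> None:
        self.permitted[ip] = mac.lower()

    def observe(self, frame: bytes) -> str:
        ev = parse_arp_frame(frame)
        if ev is None:
            return "ignored"
        allowed = self.permitted.get(ev.sender_ip)
        if allowed is None:
            verdict = "drop:unknown-binding"      # no lease for this IP on this port
        elif allowed != ev.sender_mac:
            verdict = "drop:spoofed-sender"       # IP claimed by a MAC DHCP never gave it to
        else:
            verdict = "permit"
        prev = self.last_seen.get(ev.sender_ip)
        if prev is not None and prev != ev.sender_mac:
            self.alerts.append(f"flip flop {ev.sender_ip}: {prev} -> {ev.sender_mac}")
        self.last_seen[ev.sender_ip] = ev.sender_mac
        return verdict


def run_demo():
    """Feed constructed frames through the guard; returns (verdicts, alerts)."""
    guard = BindingGuard()
    gw, host, other = "00:11:22:33:44:01", "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    guard.learn_binding("10.0.0.1", gw)      # constructed: gateway, static binding
    guard.learn_binding("10.0.0.10", host)   # constructed: DHCP lease for the host
    frames = [
        build_arp_frame(ARP_REQUEST, host, "10.0.0.10", "ff:ff:ff:ff:ff:ff", "10.0.0.1"),
        build_arp_frame(ARP_REPLY, gw, "10.0.0.1", host, "10.0.0.10"),
        build_arp_frame(ARP_REPLY, other, "10.0.0.1", host, "10.0.0.10"),   # gateway IP, wrong MAC
        build_arp_frame(ARP_REQUEST, other, "10.0.0.99", "ff:ff:ff:ff:ff:ff", "10.0.0.1"),  # no lease
        b"\x00" * 60,                                                        # not ARP at all
    ]
    verdicts = [guard.observe(f) for f in frames]
    return verdicts, guard.alerts


if __name__ == "__main__":
    v, a = run_demo()
    print(v)
    print(a)
```

The two tables are kept apart on purpose: the permitted set is what a switch port would enforce, while the last-seen table only reports, which is the mode a sniffer on a SPAN port or tap is limited to. Note that the third frame is dropped by the permitted check and also produces a flip-flop alert, whereas the fourth is dropped without any alert because no earlier binding for that IP existed to compare against.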