[c-nsp] against arp spoofing
Network Fortius
netfortius at gmail.com
Sat May 28 15:41:57 EDT 2005
Not that it addresses your request, per se, but I have sniffers
placed in strategic locations (spanned ports in various locations,
taps, etc.), and I am using simple email to my account, from a couple
of the tools from here: http://tinyurl.com/8bjtl (at first - just
arpwatch, which was still enough). I treat abusers (breaking the ARP
poisoning rules) as strong as abusing Internet communication, in my
users environment: two strikes (I always consider the first along the
lines of "user did not know what he was doing ..."), and you're out
of my network.
Stef
On May 28, 2005, at 2:05 PM, Gert Doering wrote:
> Hi,
>
> On Sat, May 28, 2005 at 08:54:38PM +0200, Gert Doering wrote:
>
>> There are some features in the newer Cisco switches that can achieve
>> this (by snooping DHCP packets, and permitting only IPs and MACs that
>> are "permitted by DHCP"), but that's something on top of pVLANs - not
>> something they bring in by default, and not something that helps you
>> much if you don't use DHCP for IP assignment.
>>
>
> Well, for the sake of completeness. The feature is called
> "ip source guard", and is available on switchports (not routed-ports)
> on about all recent catalyst platforms.
>
> It works by snooping DHCP, or by pre-assigning static MAC <-> IP bindings
> (which is a lot of work and needs to be updated every time a customer
> changes his machine, network card, whatever).
>
> We'll stick to "one VLAN per customer".
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany   gert at greenie.muc.de
> fax: +49-89-35655025   gert at net.informatik.tu-muenchen.de
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
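The detection Stef describes above (arpwatch on spanned ports, alerting when an IP's MAC binding changes) boils down to a small state machine. This is an added illustration, not arpwatch's code and not from the thread: it keeps the IP -> MAC table, labels a change as "changed ethernet address" on first sight and as "flip flop" when an IP reverts to a MAC it used before (the two arpwatch report types a poisoning attempt typically triggers), and renders the alert text an operator would receive by mail. The ARP replies are a constructed sample; the IPs and MACs are made up.

```python
from collections import namedtuple

# One alert, in the spirit of an arpwatch mail: what kind of event, for which
# IP, which MAC it now claims, and which MAC it claimed before (None if new).
Event = namedtuple("Event", "kind ip mac old_mac")


class ArpWatch:
    """Track the MAC each IP has been seen with in ARP replies and flag changes."""

    def __init__(self):
        self.bindings = {}   # ip -> MAC currently bound to it
        self.history = {}    # ip -> set of every MAC ever seen for it

    def observe(self, ip, mac):
        """Feed one (sender IP, sender MAC) pair; return an Event or None."""
        mac = mac.lower()
        seen = self.history.setdefault(ip, set())
        current = self.bindings.get(ip)
        if current is None:                     # never seen this IP before
            self.bindings[ip] = mac
            seen.add(mac)
            return Event("new station", ip, mac, None)
        if current == mac:                      # binding unchanged, nothing to say
            return None
        # The IP now answers from a different MAC. If that MAC was already on
        # record for this IP it is a flip flop (typical of a poisoner fighting
        # the real host); otherwise it is a plain change of ethernet address.
        kind = "flip flop" if mac in seen else "changed ethernet address"
        seen.add(mac)
        self.bindings[ip] = mac
        return Event(kind, ip, mac, current)


def watch_replies(replies):
    """Run a sequence of ARP replies through one watcher; return the events raised."""
    watcher = ArpWatch()
    return [e for e in (watcher.observe(ip, mac) for ip, mac in replies) if e]


def format_alert(event):
    """Plain-text body for the mail an operator would get for one event."""
    line = f"{event.kind}: {event.ip} is now at {event.mac}"
    return line if event.old_mac is None else f"{line} (was {event.old_mac})"


# Constructed sample: a gateway's IP is first claimed by another station's MAC,
# then the real gateway answers again and the binding flips back.
SAMPLE_ARP_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:55"),   # gateway, first sighting
    ("10.0.0.20", "00:aa:bb:cc:dd:ee"),  # an ordinary host
    ("10.0.0.1", "00:11:22:33:44:55"),   # gateway again, same MAC: quiet
    ("10.0.0.1", "00:AA:BB:CC:DD:EE"),   # gateway IP now claimed by the host's MAC
    ("10.0.0.1", "00:11:22:33:44:55"),   # real gateway answers: flip flop
]

if __name__ == "__main__":
    for ev in watch_replies(SAMPLE_ARP_REPLIES):
        print(format_alert(ev))
```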