[c-nsp] ARP/MAC spoofing protection from a bad nic

Kevin Graham mahargk at gmail.com
Fri Jan 5 22:19:52 EST 2007


On 1/5/07, Jeff Kell <jeff-kell at utc.edu> wrote:

> Sounds more like ettercap (hacking tool) to me.

Much agreed; almost certainly the only thing bad about this NIC is the
compromised machine it's in.

> afsheenb at gravityplaysfavorites.net wrote:
> > That being said, you'll probably want to implement port security.
>
> Won't help this case -- that limits the port to one source MAC address,
> which is what it is doing (but spoofing the source IP).

...which is where Dynamic ARP Inspection comes in:

   http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/dynarp.htm
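
Added example, not part of the original post: a simplified Python model of the point made in the thread, that a one-MAC port security limit passes an ARP frame with a spoofed sender IP while Dynamic ARP Inspection drops it. The port names, addresses and binding table are constructed, and the two checks model only the MAC-count limit and the IP-to-MAC binding lookup, not a switch's full behaviour.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpFrame:
    port: str        # ingress switch port
    src_mac: str     # Ethernet source MAC
    sender_mac: str  # ARP sender hardware address
    sender_ip: str   # ARP sender protocol address

# Constructed binding table, standing in for what DHCP snooping would learn:
# (port, MAC) -> IP address leased to that host.
BINDINGS = {("Gi1/1", "00:11:22:33:44:55"): "10.0.0.23"}
TRUSTED_PORTS = {"Gi1/48"}  # constructed uplink, exempt from inspection

def port_security_permits(frame, learned, max_macs=1):
    """Port security model: only counts distinct source MACs per port."""
    macs = learned.setdefault(frame.port, set())
    if frame.src_mac in macs:
        return True
    if len(macs) < max_macs:
        macs.add(frame.src_mac)
        return True
    return False

def dai_permits(frame, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """DAI model: the ARP sender IP must match the binding for this port and MAC."""
    if frame.port in trusted:
        return True
    return bindings.get((frame.port, frame.sender_mac)) == frame.sender_ip

def evaluate(frames):
    """Return (port_security_verdict, dai_verdict) for each frame, in order."""
    learned = {}
    return [(port_security_permits(f, learned), dai_permits(f)) for f in frames]

# Constructed traffic: one host, one MAC, first its own IP, then a claimed gateway IP.
HOST_MAC = "00:11:22:33:44:55"
SAMPLE_FRAMES = [
    ArpFrame("Gi1/1", HOST_MAC, HOST_MAC, "10.0.0.23"),  # legitimate
    ArpFrame("Gi1/1", HOST_MAC, HOST_MAC, "10.0.0.1"),   # same MAC, spoofed IP
]

if __name__ == "__main__":
    for frame, (ps, dai) in zip(SAMPLE_FRAMES, evaluate(SAMPLE_FRAMES)):
        print(frame.sender_ip, "port-security:", ps, "DAI:", dai)
```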

