[c-nsp] ARP/MAC spoofing protection from a bad nic

David Prall dcp at dcptech.com
Fri Jan 5 22:26:50 EST 2007


You can look at Dynamic Arp Inspection (DAI). I haven't played with it as of
yet. I'm thinking that it requires DHCP Snooping to be involved as well,
which could make it an issue for statically configured servers.

Another option would be to statically code ARP entries, but this is
difficult at best.

--
http://dcp.dcptech.com


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeff Kell
> Sent: Friday, January 05, 2007 9:50 PM
> To: Joseph Jackson
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ARP/MAC spoofing protection from a bad nic
>
> Joseph Jackson wrote:
> >             Earlier today we had what seems to be a NIC in
> a server go
> > bad and started answering with its mac address for every IP
> within its
> > subnet.  Of course this caused a massive LAN meltdown which
> wasn't all
> > that fun.
> Sounds more like ettercap (hacking tool) to me.
>
> afsheenb at gravityplaysfavorites.net wrote:
> > That being said, you'll probably want to implement port security.
>
> Won't help this case -- that limits the port to one source
> MAC address, which is what it is doing (but spoofing the source IP).
>
> Jeff
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
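The thread describes two things a practitioner wants to be able to do: spot the symptom (one MAC answering ARP for many addresses, which port security cannot see because the source MAC never changes) and understand what a Dynamic ARP Inspection style check decides per ARP reply. The script below is an added example, not code from anyone in this thread. It runs over a constructed list of ARP replies (sender IP, sender MAC) standing in for what you would collect from a capture such as `tcpdump -e arp`; the addresses, MACs, the `STATIC_BINDINGS` table and the threshold of two IPs per MAC are all assumptions for illustration. Note that on Catalyst switches DAI can validate against an ARP access-list (`arp access-list` plus `ip arp inspection filter`) in addition to DHCP snooping bindings, which is how statically addressed servers are usually handled; the `dai_verdict` function emulates only the decision logic, not the IOS feature itself.

```python
"""Detect the ARP failure mode from the thread and emulate a DAI-style verdict.

Added example, not from the original thread.  SAMPLE_REPLIES is constructed
data: a /24 with three legitimate hosts plus one MAC (00:11:22:33:44:55) that
claims every IP it sees requested, the "bad NIC" / ettercap behaviour.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample of ARP replies seen on the segment: (sender IP, sender MAC).
SAMPLE_REPLIES = [
    ("192.0.2.1", "00:aa:bb:cc:dd:01"),   # gateway, legitimate
    ("192.0.2.10", "00:aa:bb:cc:dd:10"),  # server, legitimate
    ("192.0.2.20", "00:aa:bb:cc:dd:20"),  # workstation, legitimate
    ("192.0.2.1", "00:11:22:33:44:55"),   # same MAC now claims the gateway...
    ("192.0.2.10", "00:11:22:33:44:55"),  # ...the server...
    ("192.0.2.20", "00:11:22:33:44:55"),  # ...and every other address asked for
    ("192.0.2.30", "00:11:22:33:44:55"),
    ("192.0.2.31", "00:11:22:33:44:55"),
]


def build_tables(replies):
    """Map each MAC to the IPs it claimed and each IP to the MACs that claimed it."""
    ips_by_mac = defaultdict(set)
    macs_by_ip = defaultdict(set)
    for ip, mac in replies:
        ips_by_mac[mac.lower()].add(ip)
        macs_by_ip[ip].add(mac.lower())
    return ips_by_mac, macs_by_ip


def find_mass_claimers(replies, max_ips=2):
    """MACs answering for more than max_ips distinct IPs (the meltdown in the thread).

    A host may legitimately own a couple of addresses (aliases, HSRP/VRRP), so
    the threshold (an assumed value) leaves some slack instead of flagging at 2.
    """
    ips_by_mac, _ = build_tables(replies)
    return sorted(mac for mac, ips in ips_by_mac.items() if len(ips) > max_ips)


def find_contested_ips(replies):
    """IPs claimed by more than one MAC: the classic gateway-spoofing signature."""
    _, macs_by_ip = build_tables(replies)
    return sorted(ip for ip, macs in macs_by_ip.items() if len(macs) > 1)


# Assumed static IP-to-MAC bindings for hosts that never use DHCP; this is the
# kind of information an ARP ACL carries for DAI when there is no snooping entry.
STATIC_BINDINGS = {
    "192.0.2.1": "00:aa:bb:cc:dd:01",
    "192.0.2.10": "00:aa:bb:cc:dd:10",
}


def dai_verdict(ip, mac, bindings=STATIC_BINDINGS, subnet=ip_network("192.0.2.0/24")):
    """Emulate the per-packet decision a DAI-style check makes on an untrusted port.

    permit  - the (ip, mac) pair matches a binding
    drop    - the IP is bound to a different MAC, or lies outside the subnet
    unknown - no binding exists to judge against; a switch would then fall back
              to its DHCP snooping table or, with a strict ACL, drop the packet
    """
    if ip_address(ip) not in subnet:
        return "drop"
    bound = bindings.get(ip)
    if bound is None:
        return "unknown"
    return "permit" if bound == mac.lower() else "drop"


if __name__ == "__main__":
    print("MACs claiming too many IPs:", find_mass_claimers(SAMPLE_REPLIES))
    print("IPs claimed by several MACs:", find_contested_ips(SAMPLE_REPLIES))
    for ip, mac in SAMPLE_REPLIES:
        print(f"{ip:<12} {mac}  -> {dai_verdict(ip, mac)}")
```

Feeding this the real ARP traffic from the incident would have named the offending MAC in one pass, and the `unknown` verdicts are exactly the hosts for which you would still need a DHCP snooping entry or an explicit binding before turning DAI on for the VLAN.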
