Re: against illegal arp update

From: Greg A. Woods (woodsat_private)
Date: Tue Mar 11 2003 - 15:26:19 PST

Next message: kyleat_private: "DeLoder technical analysis"

Previous message: SecurIT Informatique Inc.: "Tool announce : LogAgent 3.0 (Open source and Pro versions)"
In reply to: Cedric Blancher: "Re: against illegal arp update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ On , March 11, 2003 at 10:19:24 (+0100), Cedric Blancher wrote: ]
> Subject: Re: against illegal arp update
>
> Arpwatch is a tool that monitors ethernet trafic in order to detect
> MAC/IP couples and spot changes. In a switched environment, this can
> only be done on ethernet broadcast stuff.

s/switched/bridged/  -- switches are just multi-port bridges.  :-)

Also, for any SNMP-managed switch or bridge it's possible to monitor all
MAC/IP assignments on any connected networks using something like
arpsnmp, which is part of the ARPwatch package distribted by LBL.

	ftp://ftp.ee.lbl.gov/arpwatch.tar.gz

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woodsat_private>;           <woodsat_private>
Planix, Inc. <woodsat_private>; VE3TCP; Secrets of the Weird <woodsat_private>

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

Next message: kyleat_private: "DeLoder technical analysis"
Previous message: SecurIT Informatique Inc.: "Tool announce : LogAgent 3.0 (Open source and Pro versions)"
In reply to: Cedric Blancher: "Re: against illegal arp update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 12 2003 - 07:59:15 PST