Cisco switches support MAC address locking, meaning that a given port on a switch won't let traffic through unless source MAC address is the one it knows. This is similar in function on UNIX's /etc/ethers I suppose. At the interface config option issue "port secure" command, then you can either let the switch learn MAC's and lock them in, or you can do static MAC-IP mapping. If switch sees traffic that doesn't belong on a specific port, it will either 1. suspend the port for some time 2. disable port till you re-enable it 3. do nothing but log the bogus traffic your choice. Don't remember how to do all of it off the top of my head, so look on cisco's site for docs. Max On 15 May 2002, Vs Metal wrote: > Date: 15 May 2002 15:30:04 -0000 > From: Vs Metal <vserpoulat_private> > To: pen-testat_private > Subject: Config cisco switches against arpspoofing > > > > I wanna know if there is a definite LAYER 2 ( switch ) > configuration to disable this attack ( root@linux # > arpspoof -t... ). I heard about private VLANs, but this > solution doesn't really suit customers'demand. Does anyone > know another way to disable it ? > > thx a lot > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri May 17 2002 - 16:51:58 PDT