Arp poisoning

blak111 · Nov 3, 2008, 6:41 PM

Does anyone have any suggestions to watch for arp attacks that create a man-in-the-middle situation by directing all traffic to a single host? Cain an abel is a pain in my a$$. Right now I have a computer with a membership in every vlan watching for arp broadcast floods so I can track them.

nocer · Nov 15, 2008, 2:12 PM

Hi,

Have you tried arpwatch? It's quite simple and straight.

cheers,

blak111 · Nov 16, 2008, 8:42 AM

Yeah, that's what it's come down to. Arpfetch to watch arp tables on routers.

nocer · Nov 16, 2008, 12:47 PM

Hi,

Good for you. Keep in mind that, suppose you're using snmp then it will consume some significant resources and sometime kills router/switch so easily. I killed my cisco several times while fetching arp cache :P so careful.

cheers,

blak111 · Nov 17, 2008, 3:07 AM

Yeah, been keeping an eye on that because I already retrieve traffic statistics from them using SNMP.