Arp poisoning
-
Does anyone have any suggestions to watch for arp attacks that create a man-in-the-middle situation by directing all traffic to a single host? Cain an abel is a pain in my a$$. Right now I have a computer with a membership in every vlan watching for arp broadcast floods so I can track them.
-
Hi,
Have you tried arpwatch? It's quite simple and straight.
cheers,
-
Yeah, that's what it's come down to. Arpfetch to watch arp tables on routers.
-
Hi,
Good for you. Keep in mind that, suppose you're using snmp then it will consume some significant resources and sometime kills router/switch so easily. I killed my cisco several times while fetching arp cache :P so careful.
cheers,
-
Yeah, been keeping an eye on that because I already retrieve traffic statistics from them using SNMP.