SysChat

SysChat (http://www.syschat.com/forum.php)
-   Computer Security (http://www.syschat.com/software-support/computer-security/)
-   -   Detect ARP poisoning(ARP spoofing) & ARP flooding (http://www.syschat.com/detect-arp-poisoning-arp-spoofing-arp-4289.html)

DevidHuang 02-15-2009 09:10 AM

Detect ARP poisoning(ARP spoofing) & ARP flooding
 
Address Resolution Protocol (ARP), because of its simpleness, fastness, and effectiveness, is becoming increasingly popular among internet raggers, thus causing severe influence to the internet environment.
ARP spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network which may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether (known as a denial of service attack). The attack can obviously only happen on networks that indeed make use of ARP and not another method.
With Ax3soft Sax2, we can quickly and accurately locate ARP source when ARP attack happens to the network, so as to ensure normal and reliable network operation.

Solution:

Diagnosis View is the most direct and effective place to locate ARP attack and should be our first choice. Its interface is displayed as picture1.

http://www.ids-sax2.com/articles/ima...tackSource.gif (picture1)

Picture 1 definitely points out that there are two kinds of ARP attack event, ARP Scan and ARP MAC address changed, in the network, and the attack source is clearly given at the bottom. Meanwhile, Sax2 NIDS will provide reasons of such ARP attacks and corresponding solutions.


All times are GMT -4. The time now is 07:03 PM.


Copyright © 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54