[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [NETVAERK] Arp poisoning detection



Anders Bruun Olsen wrote:

> On Sun, Mar 06, 2005 at 04:48:02PM +0100, Christian Iversen wrote:
>> > Jeg har nogle gange hjulpet til med at opsætte og drive computer
>> > parties og de sidste par gange er nogle lidt uheldige problemer begyndt
>> > at dukke op på netværket vi opsætter. Der er nemlig nogen gange nogle
>> > som får et akut tilfælde af scriptkiddie-itis og med programmer såsom
>> > Cain laver arp-poisoning for at sniffe passwords på netværket (som er
>> > switched). Hvilket resulterer i at netværket nærmest lægger sig
>> > fuldkommen ned og nægter at fungere ordentligt.
>> > Hvad er de bedste muligheder jeg har for at kunne opdage og spore
>> > sådanne tåbeligheder?
>> > Og generelt hvilke forsvarsmuligheder er der?
>> Kan du ikke sætte et script til at lave ARP-opslag på din gateway, og så
>> alarmere hvis adressen ændrer sig?
> 
> Det skulle jeg mene at arpwatch kan gøre for mig. Problemet er sådan set
> ikke så meget at opdage at det sker, men derimod at spore det og så har
> jeg fundet arp* (ArpStar) som er et linux kernel modul der skulle kunne
> beskytte imod ARP Poisoning, men det er vel kun den enkelte linuxmaskine
> der kører med det modul som er beskyttet går jeg ud fra.
> Alle de stakkels gamere der sidder med deres Windows maskiner er vel
> stadig sårbare...

Ja, men når det sker kan du vel slå din gateway op i arp, for at se hvem der
leger router?

-- 
Mvh
Christian Iversen


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 22:42 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *