arp poisoning

TheMSsForum.com: The Microsoft Software Forum

Hi to all of you.
I would like to know if in my network someone is doing arp poisoning.
How can I discover it ?
Thanks
CArlo
Top

Re: arp poisoning by S

S
Thu Mar 30 03:14:03 CST 2006

Use network intrusion detection system (NIDS) to monitor and alert. Snort
(www.snort.org) is good, and it is free - for now. However, the detection
capability is somewhat limited. More information - here:

https://www.linux-magazine.com/issue/56/ARP_Spoofing.pdf

Using effective layer 3 protection i.e. IPsec effectively mitigates the
risks of ARP poisoning. Port security (i.e. 802.1x) also is good against
this.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"IPGRI" <ipgri@news.postalias> wrote in message
news:u47cKk8UGHA.4384@tk2msftngp13.phx.gbl...
> Hi to all of you.
> I would like to know if in my network someone is doing arp poisoning.
> How can I discover it ?
> Thanks
> CArlo
>


Top

RE: arp poisoning by v-haozou

v-haozou
Thu Mar 30 04:01:27 CST 2006

Hello ,

Thank you for posting.

From your post, my understanding on this issue is: You want to know how to
discover arp poisoning in your LAN. If I'm off base, please feel free to
let me know.

Based on my research, there is a third party software that can discover
possible arp-poisoning by control arp answers.

Below is the link of the software: NAST
http://nast.berlios.de/

Note: This response contains references to third party World Wide Web
sites. Microsoft is providing this information as a convenience to you.
Microsoft does not control these sites and has not tested any software or
information found on these sites; therefore, Microsoft cannot make any
representations regarding the quality, safety, or suitability of any
software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft cautions you to make
sure that you completely understand the risk before retrieving any software
from the Internet.

Please let me know if you have any other concerns or need anything else.

Sincerely,
Kenxl Zou
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "IPGRI" <ipgri@news.postalias>
>Subject: arp poisoning
>Date: Thu, 30 Mar 2006 09:10:26 +0200
>Lines: 7
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>X-RFC2646: Format=Flowed; Original
>Message-ID: <u47cKk8UGHA.4384@tk2msftngp13.phx.gbl>
>Newsgroups: microsoft.public.security
>NNTP-Posting-Host: 83-103-94-4.ip.fastwebnet.it 83.103.94.4
>Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp1
3.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.security:84711
>X-Tomcat-NG: microsoft.public.security
>
>Hi to all of you.
>I would like to know if in my network someone is doing arp poisoning.
>How can I discover it ?
>Thanks
>CArlo
>
>
>

Top

Re: arp poisoning by noemails

noemails
Thu Mar 30 09:46:12 CST 2006

Just locking the server switch port to the MAC address of the server works
as well, although it can be a maintenance hassle if you're used to just
swapping cables around.

Ray

> Using effective layer 3 protection i.e. IPsec effectively mitigates the
> risks of ARP poisoning. Port security (i.e. 802.1x) also is good against
> this.


Top