[unisog] Arp spoofing attack
Harry Hoffman
hhoffman at ip-solutions.net
Tue Apr 29 13:09:56 GMT 2008
Hi Russell,
Hope all is going well.
You might want to setup arpwatch. We use it on a trunk port to monitor
all of our vlans for arp spoofing/poisoning.
And if your students are anything like ours they enjoy downloading Cain
& Abel and having a bit of fun :-(
Cheers,
Harry
On Tue, 2008-04-29 at 18:31 +1200, Russell Fulton wrote:
>
> What happened:
>
> The machine in question was infected with something that used arp
> spoofing to convince the router to send traffic for many addresses on
> the network to it rather than to the real machine. It then mangled
> web pages by inserting a single line of java script at the start and
> then passed the traffic on to the intended recipient.
>
> Cheers, Russell
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
More information about the unisog
mailing list