[unisog] Arp Spoofing

Mark Boolootian booloo at ucsc.edu
Tue Apr 29 19:34:30 GMT 2008


> I don't think port security will mitigate arp spoofing/arp poisoning.
> My understanding is that the attack is executed with still only one mac
> address on the port.  The machine performing the attack sends out
> gratuitious arp replies to fool the router into thinking a certain ip
> address or addresses belong to its mac address.

The place where things get noisy is the router - you end up with
lots of ARP cache entries that all point to the same MAC address.
That noise can make it relatively easy to monitor for such behavior.
Attacks that are targetted against an individual system seem a bit
more troubling to me.


More information about the unisog mailing list