[unisog] Arp spoofing attack

Harry Hoffman hhoffman at ip-solutions.net
Tue Apr 29 13:09:56 GMT 2008

Hi Russell,

Hope all is going well.

You might want to setup arpwatch. We use it on a trunk port to monitor
all of our vlans for arp spoofing/poisoning.

And if your students are anything like ours they enjoy downloading Cain
& Abel and having a bit of fun :-(


On Tue, 2008-04-29 at 18:31 +1200, Russell Fulton wrote:

> What happened:
> The machine in question was infected with something that used arp  
> spoofing to convince the router to send traffic for many addresses on  
> the network to it rather than to the real machine.  It then mangled  
> web pages by inserting a single line of java script at the start and  
> then passed the traffic on to the intended recipient.
> Cheers, Russell 
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

More information about the unisog mailing list