[unisog] Arp spoofing attack
hhoffman at ip-solutions.net
Tue Apr 29 13:09:56 GMT 2008
Hope all is going well.
You might want to setup arpwatch. We use it on a trunk port to monitor
all of our vlans for arp spoofing/poisoning.
And if your students are anything like ours they enjoy downloading Cain
& Abel and having a bit of fun :-(
On Tue, 2008-04-29 at 18:31 +1200, Russell Fulton wrote:
> What happened:
> The machine in question was infected with something that used arp
> spoofing to convince the router to send traffic for many addresses on
> the network to it rather than to the real machine. It then mangled
> web pages by inserting a single line of java script at the start and
> then passed the traffic on to the intended recipient.
> Cheers, Russell
> unisog mailing list
> unisog at lists.dshield.org
More information about the unisog