Need a switch offering ARP-based attack detection

I need a switch that offers ARP proxy services and that uses its database to detect ARP-based attacks and drop the physical port.

Reading Cisco and 3Com documentation, I didn't find an appliance that detects IP collisions (the same IP used by two physical ports / MAC addresses). Switches with ARP proxy services already have all the information needed to do that.

Will increase points if a good answer is received.

Danny_Larouche asked:


hstiles commented:
This is a very interesting topic and one that was raised in detail at a recent course I attended. From some time spent scouring the internet, the answer is sort of no.

Everything I have read points towards using a mixture of physical and network security to mitigate the effects of someone performing an ARP-based attack on your network.

These include:

1) Placing your core infrastructure on a separate subnet so that clients have to use IP rather than ARP to communicate. This would protect against sniffing attacks between clients and servers.

2) Implementing an IPS to alert on suspicious MAC address activity on the network. However, this method appears to generate many false positives in a DHCP environment. If you opt to disable a port whenever this happens, you could find yourself with an administrative nightmare.
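The question asks for exactly the check a proxy-ARP switch could make from its own tables, and the comment above explains why a naive version of it misfires under DHCP. The following is an added example, not code from the thread or from any vendor's switch: it models the IP-to-MAC/port binding database such a switch keeps, raises an "IP collision" when a second MAC claims an IP whose binding is still fresh, and silently rebinds an IP whose binding is older than a lease so that normal DHCP address reuse does not trigger an alert. Statically assigned addresses (here the gateway) never age out. Port names, MAC addresses, timestamps and the log format are all constructed for the demonstration.

```python
# Added example (not from the original thread or any vendor): a minimal model of
# the IP-to-MAC/port binding table a proxy-ARP switch already maintains, with an
# IP-collision check that tolerates DHCP lease rotation. All data is constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class ArpObservation:
    t: float    # seconds since an arbitrary epoch (constructed)
    port: str   # ingress switch port (hypothetical port names)
    mac: str    # sender hardware address from the ARP reply/announcement
    ip: str     # sender protocol address


def parse_arp_log(text: str) -> List[ArpObservation]:
    """Parse constructed 'key=value' lines, one ARP reply or announcement per line."""
    observations = []
    for line in text.strip().splitlines():
        kv = dict(field.split("=", 1) for field in line.split())
        observations.append(ArpObservation(float(kv["t"]), kv["port"], kv["mac"].lower(), kv["ip"]))
    return observations


class ArpBindingTable:
    """ip -> (mac, port, last_seen).

    A different MAC claiming an IP whose binding is still fresh is an IP collision.
    A binding older than lease_age is treated as a DHCP reassignment and replaced
    quietly, which is what keeps the false-positive rate down in DHCP networks.
    """

    def __init__(self, lease_age: float = 300.0, static_ips: Optional[Set[str]] = None):
        self.lease_age = lease_age
        self.static_ips = static_ips or set()
        self.bindings: Dict[str, Tuple[str, str, float]] = {}

    def observe(self, obs: ArpObservation) -> Optional[dict]:
        entry = self.bindings.get(obs.ip)
        if entry is None:
            self.bindings[obs.ip] = (obs.mac, obs.port, obs.t)   # first sighting: learn
            return None
        mac, port, last_seen = entry
        if mac == obs.mac:
            # Same host re-announcing (possibly from another port): refresh the timestamp.
            self.bindings[obs.ip] = (mac, obs.port, obs.t)
            return None
        if obs.ip not in self.static_ips and obs.t - last_seen > self.lease_age:
            # Binding is stale (older than a lease): accept as reassignment, not an attack.
            self.bindings[obs.ip] = (obs.mac, obs.port, obs.t)
            return None
        # A fresh (or static) binding is contested by a different MAC: IP collision.
        return {
            "ip": obs.ip,
            "known_mac": mac, "known_port": port,
            "claimant_mac": obs.mac, "claimant_port": obs.port,
            "age": obs.t - last_seen,
        }


# Constructed sample log: a gateway, a host that gets contested within seconds,
# and a DHCP address that legitimately moves to a new host after the lease expires.
SAMPLE_LOG = """
t=0    port=Gi1/0/24 mac=00:11:22:33:44:01 ip=10.0.0.1
t=5    port=Gi1/0/1  mac=aa:aa:aa:aa:aa:01 ip=10.0.0.5
t=10   port=Gi1/0/1  mac=aa:aa:aa:aa:aa:01 ip=10.0.0.5
t=15   port=Gi1/0/7  mac=bb:bb:bb:bb:bb:02 ip=10.0.0.5
t=20   port=Gi1/0/2  mac=cc:cc:cc:cc:cc:03 ip=10.0.0.9
t=1000 port=Gi1/0/3  mac=dd:dd:dd:dd:dd:04 ip=10.0.0.9
t=1005 port=Gi1/0/7  mac=bb:bb:bb:bb:bb:02 ip=10.0.0.1
"""


def run_detection(log_text: str = SAMPLE_LOG) -> List[dict]:
    """Replay the log through the table and return the collision alerts raised."""
    table = ArpBindingTable(lease_age=300.0, static_ips={"10.0.0.1"})
    alerts = []
    for obs in parse_arp_log(log_text):
        alert = table.observe(obs)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_detection():
        print(f"IP collision on {a['ip']}: {a['known_mac']}@{a['known_port']} "
              f"contested by {a['claimant_mac']}@{a['claimant_port']} after {a['age']:.0f}s")
```

Replaying the sample raises two alerts: the claim on 10.0.0.5 from Gi1/0/7 five seconds after the real host was last seen, and the later claim on the static gateway address from the same port. The rebinding of 10.0.0.9 at t=1000 is silent because the old binding is far older than the lease age, which is the adjustment that avoids the DHCP false positives described in point 2. The alert carries the claimant's port, so whether to shut that port or only notify can be left to policy rather than hard-wired into the detector.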

Danny_Larouche (author) commented:
Hi hstiles,

It's good to know that I am not alone in this security requirement and that there are other people looking for a similar solution. Effectively, I also did a lot of searching on the web to find such a solution. The network segmentation is interesting but goes against the 80/20 rule. The IPS solution is already used by some firewalls linked to the switch array's mirror port. Secudos offers an interesting appliance with such protection and much more. But IMHO the logical solution is that managed switches should take care of it.

I will attend a security course in a few days and will discuss that there.

hstiles commented:
Until someone develops a more robust and security-conscious mechanism than ARP, the only thing that will render MITM attacks largely useless is encryption. If you encrypt packets on the network, they can't be sniffed, or rather they can, but they can't be easily interpreted.

That Arp-Guard product looks interesting.
