

need Switch offering ARP based attacks detection

Posted on 2006-04-06
Medium Priority
Last Modified: 2010-04-11
I need a switch that offers ARP proxy services and that uses its database to detect ARP-based attacks and drop the physical port.

Reading Cisco and 3COM documentation, I didn't find an appliance that detects IP collisions (the same IP used by 2 physical ports / MAC addresses). Switches with ARP proxy services already have all the information to do that.

I will increase the points if a good answer is received.
Question by: Danny_Larouche
LVL 13

Expert Comment

ID: 16434260
This is a very interesting topic and one that was raised in detail at a recent course I attended. From some time spent scouring the internet, the answer is sort of no.

Everything I have read points towards using a mixture of physical and network security to mitigate the effects of someone performing an ARP-based attack on your network.

These include:

1) Placing your core infrastructure on a separate subnet so that clients have to use IP rather than ARP to communicate. This would protect against sniffing attacks between clients and servers.

2) Implementing an IPS to alert for suspicious MAC address activity on the network. However, this method appears to generate many false positives in a DHCP environment. If you opt to disable a port whenever this happens, you could find yourself with an administrative nightmare.


Author Comment

ID: 16437005
Hi Hstiles,

It's good to know that I am not alone in this security requirement and that there are other people looking for a similar solution. Effectively, I also did a lot of searching on the web to find such a solution. The network segmentation is interesting but is against the 80/20 rule. The IPS solution is already used by some firewalls linked to the switch array's mirror port. Secudos offers an interesting appliance with such protection and much more. But IMHO the logical solution is that managed switches should take care of it.

I will attend a security course in a few days and will discuss that there.

LVL 13

Accepted Solution

hstiles earned 250 total points
ID: 16437612
Until someone develops a more robust and security-conscious mechanism than ARP, the only thing that will render MITM attacks largely useless is encryption. If you encrypt packets on the network, they can't be sniffed, or rather they can, but they can't be easily interpreted.

That Arp-Guard product looks interesting.
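Added example (not code from the thread or from any product named in it): the IP-collision check the question describes, run over a constructed list of observed ARP replies, with a quiet period so that DHCP lease reassignments are not flagged, which is the false-positive source the answer warns about. The sample replies and the STATIC_BINDINGS table are assumptions for illustration.

```python
# Constructed sample: ARP replies seen on a mirror port as (timestamp_seconds, sender_ip, sender_mac).
SAMPLE_ARP_REPLIES = [
    (0,   "10.0.0.1",  "00:11:22:33:44:01"),  # gateway announces itself
    (1,   "10.0.0.50", "00:11:22:33:44:50"),  # DHCP client
    (5,   "10.0.0.1",  "00:11:22:33:44:99"),  # a second MAC claims the gateway IP
    (900, "10.0.0.50", "00:11:22:33:44:51"),  # lease expired, IP reissued to a new host
    (905, "10.0.0.50", "00:11:22:33:44:50"),  # old holder still answering for the IP
]

# Assumed (hypothetical) static bindings: addresses that may never change MAC.
STATIC_BINDINGS = {"10.0.0.1": "00:11:22:33:44:01"}


def detect_ip_mac_conflicts(replies, static_bindings=None, quiet_period_s=600):
    """Return a list of (timestamp, ip, expected_mac, offending_mac, reason).

    A conflict is raised when an IP is claimed by a different MAC while its
    previous holder was seen within quiet_period_s (two hosts concurrently
    using one IP), or when a statically bound IP is claimed by any other MAC.
    A MAC change after the quiet period is treated as a DHCP reassignment
    and is not flagged.
    """
    static_bindings = static_bindings or {}
    last_seen = {}  # ip -> (mac, timestamp of the last reply for that ip)
    conflicts = []
    for ts, ip, mac in replies:
        bound = static_bindings.get(ip)
        if bound is not None and mac != bound:
            conflicts.append((ts, ip, bound, mac, "static-binding-violation"))
            continue  # do not let the offender overwrite the learned entry
        prev = last_seen.get(ip)
        if prev is not None and prev[0] != mac and ts - prev[1] < quiet_period_s:
            conflicts.append((ts, ip, prev[0], mac, "concurrent-claim"))
        last_seen[ip] = (mac, ts)
    return conflicts


if __name__ == "__main__":
    for conflict in detect_ip_mac_conflicts(SAMPLE_ARP_REPLIES, STATIC_BINDINGS):
        print(conflict)
```

The quiet period should be set to roughly the DHCP lease time of the segment; a switch applying this logic would map the offending MAC back to its physical port before deciding to disable it.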
