Need switch offering ARP-based attack detection

I need a switch that offers ARP proxy services and that uses its database to detect ARP-based attacks and drop the physical port.

Reading Cisco and 3COM documentation, I didn't find an appliance that detects IP collisions (same IP used by 2 physical ports / MAC addresses). Switches with ARP proxy services already have all the information to do that.

Will increase points if a good answer is received.
Danny_Larouche asked:
hstiles commented:
Until someone develops a more robust and security-conscious mechanism than ARP, the only thing that will render MITM attacks largely useless is encryption. If you encrypt packets on the network, they can't be sniffed, or rather they can, but they can't be easily interpreted.

That Arp-Guard product looks interesting.
hstiles commented:
This is a very interesting topic and one that was raised in detail at a recent course I attended. From some time spent scouring the internet, the answer is sort of no.

Everything I have read points towards using a mixture of physical and network security to mitigate the effects of someone performing an ARP-based attack on your network.

These include:

1) Placing your core infrastructure on a separate subnet so that clients have to use IP rather than ARP to communicate. This would protect against sniffing attacks between clients and servers.

2) Implementing an IPS to alert for suspicious MAC address activity on the network. However, this method appears to generate many false positives in a DHCP environment. If you opt to disable a port whenever this happens, you could find yourself with an administrative nightmare.

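The following is an added example, not code from the original thread or from hstiles. It shows the detection logic the question and the answer above are both talking about: a tracker that keeps sender IP to sender MAC (the same information a switch's ARP proxy table or an IPS on a mirror port holds), raises an alert when a second MAC claims an IP whose current owner was seen recently, and treats a takeover after a long silence as a probable DHCP reassignment rather than an attack. The quiet window, the MAC-to-port map and the sample ARP replies are all constructed for the example; the `ports_to_disable()` method shows why a naive "drop the port" policy is a problem, because a spoofed host that answers again after the attacker also looks like an offender.

```python
"""ARP collision watcher: flag one IP claimed by two MAC addresses.

Added example (not from the original thread).  It replays constructed ARP
replies through a tracker that keeps sender IP -> sender MAC and separates a
genuine collision (two MACs actively claiming the IP) from a DHCP
reassignment (the old owner has been silent for a long time).
"""
from collections import namedtuple

ArpFrame = namedtuple("ArpFrame", "ts sender_mac sender_ip")

# Seconds the previous owner of an IP may stay silent before a new owner is
# treated as a DHCP reassignment instead of a collision.  Assumed tuning value.
QUIET_WINDOW = 300

# Constructed MAC -> switch port map, standing in for a switch's MAC table.
PORT_OF = {
    "aa:aa:aa:aa:aa:01": "Gi1/0/1",
    "aa:aa:aa:aa:aa:02": "Gi1/0/2",
    "aa:aa:aa:aa:aa:03": "Gi1/0/3",
    "de:ad:be:ef:00:01": "Gi1/0/24",
}


class ArpWatcher:
    def __init__(self, quiet_window=QUIET_WINDOW, port_of=PORT_OF):
        self.quiet_window = quiet_window
        self.port_of = port_of
        self.table = {}    # ip -> (mac, last_seen_ts)
        self.events = []   # (severity, ts, ip, old_mac, new_mac, new_port)

    def observe(self, frame):
        """Update the table with one ARP reply; return an event or None."""
        entry = self.table.get(frame.sender_ip)
        if entry is None or entry[0] == frame.sender_mac:
            self.table[frame.sender_ip] = (frame.sender_mac, frame.ts)
            return None
        known_mac, last_seen = entry
        # Two MACs claim the same IP.  If the previous owner spoke recently
        # it is a collision (spoof or misconfiguration); if it has been quiet
        # longer than the window, assume the lease moved to a new host.
        severity = "ALERT" if frame.ts - last_seen < self.quiet_window else "INFO"
        event = (severity, frame.ts, frame.sender_ip, known_mac,
                 frame.sender_mac, self.port_of.get(frame.sender_mac, "unknown"))
        self.events.append(event)
        self.table[frame.sender_ip] = (frame.sender_mac, frame.ts)
        return event

    def alerts(self):
        return [e for e in self.events if e[0] == "ALERT"]

    def ports_to_disable(self):
        """Ports a naive 'drop the port on every alert' policy would shut down."""
        return sorted({e[5] for e in self.alerts()})


# Constructed sample traffic: host A (aa:..:01) owns 10.0.0.10, host B
# (aa:..:02) owns 10.0.0.20.  An attacker (de:ad:..) spoofs A's IP at t=45,
# A answers again at t=50, and B's lease is later reassigned to host C.
SAMPLE = [
    ArpFrame(0,    "aa:aa:aa:aa:aa:01", "10.0.0.10"),
    ArpFrame(5,    "aa:aa:aa:aa:aa:02", "10.0.0.20"),
    ArpFrame(30,   "aa:aa:aa:aa:aa:01", "10.0.0.10"),
    ArpFrame(45,   "de:ad:be:ef:00:01", "10.0.0.10"),   # spoof -> ALERT
    ArpFrame(50,   "aa:aa:aa:aa:aa:01", "10.0.0.10"),   # A reclaims -> ALERT
    ArpFrame(1000, "aa:aa:aa:aa:aa:03", "10.0.0.20"),   # lease moved -> INFO
]


def run(frames, quiet_window=QUIET_WINDOW):
    """Feed every frame to a fresh watcher and return it for inspection."""
    watcher = ArpWatcher(quiet_window)
    for frame in frames:
        watcher.observe(frame)
    return watcher


if __name__ == "__main__":
    w = run(SAMPLE)
    for severity, ts, ip, old, new, port in w.events:
        print(f"{severity} t={ts}: {ip} moved {old} -> {new} (port {port})")
    print("ports a naive policy would disable:", w.ports_to_disable())
```

On the sample traffic the watcher produces two alerts for 10.0.0.10 (the attacker's claim, then host A answering again) and one informational event for 10.0.0.20, and the naive port policy would shut down both Gi1/0/24 and Gi1/0/1, i.e. the victim's own port. Raising the quiet window above the lease time turns the reassignment into an alert too, which is the false-positive trade-off the answer describes.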
Danny_Larouche (author) commented:
Hi Hstiles,

It's fine to know that I am not alone in this security requirement and that there are other people looking for a similar solution. Effectively, I also did a lot of searching on the web to find such a solution. The network segmentation is interesting but is against the 80/20 rule. The IPS solution is already used by some firewalls linked on the switch array's mirror port. Secudos offers an interesting appliance with such protection and much more. But IMHO the logical solution is that managed switches should take care of it.

I will attend a security course in a few days and will discuss this.
