Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Preventing ARP Cache poisoning

Posted on 2006-11-14
4
2,354 Views
Last Modified: 2013-11-13
I'd like to limit my network's exposure to ARP cache poisoning (by tools such as Cain & Abel).

So far, the only solution I have is to add static ARP cache entries for my servers, routers, firewall, etc. to each system, which is a nuisance for a few reasons:

1.  I have to maintain a table of each IP/MAC address
2.  Modifying the cache requires admin privileges

If that's my only solution, I'll likely write a script and have the systems run it on startup as a local admin user.

Are there any other solutions to prevent ARP cache poisoning?
0
Comment
Question by:shawnsouthern
  • 2
4 Comments
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 17939342
I ask such security feature since many years to some manufacturers such as Cisco and 3COM.  I never found any managed switch that offer ARP security. A very simple concept to be implemented whould be to have an ARP proxy service in departemental switches.  

Instead of having ARP broadcast travelling all the subnet, causing useless traffic, the switch would simply answer the request, detect MAC/IP spoofing and react proactively. It is unbelievable, but no layer3 switches have such feature yet in 2006!!!

Manually entering thoses MAC entries in each host take a lot of time. It will be a nightmare each time you have to change the network card or add a new host on the network.
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 17939379
If I have to, I'd only add ARP entries for the servers, routers, firewalls, etc.  I don't plan on doing it for each system - that would be extremely tedious, vs. somewhat tedious.

What I'd like to know is if there is something I can implement NOW to protect my systems, or am I stuck writing a script and deploying it?
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 17940479
Just to clarify, I'd use a script to manage the arp tables... I don't manually do ANYTHING... :)
0
 
LVL 6

Accepted Solution

by:
marce_lito earned 250 total points
ID: 17942410
to help prevent arp poisoning you can enable port security on the ports connected to the servers... the main reason to do this is to prevent arp spoofing (poisoning with a spoofed mac address) but it also helps preventing  the poisoning itself...

also, there's a linux program called arpwatch that logs arp mappings and can be set to report changes via email... it can be really helpful to see the guy responsible for the poisoning...

0

Featured Post

The New “Normal” in Modern Enterprise Operations

DevOps for the modern enterprise offers many benefits — increased agility, productivity, and more, but digital transformation isn’t easy, especially if you’re not addressing the right issues. Register for the webinar to dive into the “new normal” for enterprise modern ops.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question