Improve company productivity with a Business Account.Sign Up

x
?
Solved

Preventing ARP Cache poisoning

Posted on 2006-11-14
4
Medium Priority
?
2,388 Views
Last Modified: 2013-11-13
I'd like to limit my network's exposure to ARP cache poisoning (by tools such as Cain & Abel).

So far, the only solution I have is to add static ARP cache entries for my servers, routers, firewall, etc. to each system, which is a nuisance for a few reasons:

1.  I have to maintain a table of each IP/MAC address
2.  Modifying the cache requires admin privileges

If that's my only solution, I'll likely write a script and have the systems run it on startup as a local admin user.

Are there any other solutions to prevent ARP cache poisoning?
0
Comment
Question by:shawnsouthern
  • 2
4 Comments
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 17939342
I ask such security feature since many years to some manufacturers such as Cisco and 3COM.  I never found any managed switch that offer ARP security. A very simple concept to be implemented whould be to have an ARP proxy service in departemental switches.  

Instead of having ARP broadcast travelling all the subnet, causing useless traffic, the switch would simply answer the request, detect MAC/IP spoofing and react proactively. It is unbelievable, but no layer3 switches have such feature yet in 2006!!!

Manually entering thoses MAC entries in each host take a lot of time. It will be a nightmare each time you have to change the network card or add a new host on the network.
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 17939379
If I have to, I'd only add ARP entries for the servers, routers, firewalls, etc.  I don't plan on doing it for each system - that would be extremely tedious, vs. somewhat tedious.

What I'd like to know is if there is something I can implement NOW to protect my systems, or am I stuck writing a script and deploying it?
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 17940479
Just to clarify, I'd use a script to manage the arp tables... I don't manually do ANYTHING... :)
0
 
LVL 6

Accepted Solution

by:
marce_lito earned 750 total points
ID: 17942410
to help prevent arp poisoning you can enable port security on the ports connected to the servers... the main reason to do this is to prevent arp spoofing (poisoning with a spoofed mac address) but it also helps preventing  the poisoning itself...

also, there's a linux program called arpwatch that logs arp mappings and can be set to report changes via email... it can be really helpful to see the guy responsible for the poisoning...

0

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

602 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question