Solved

Preventing ARP Cache poisoning

Posted on 2006-11-14
Last Modified: 2013-11-13
I'd like to limit my network's exposure to ARP cache poisoning (by tools such as Cain & Abel).

So far, the only solution I have is to add static ARP cache entries for my servers, routers, firewall, etc. to each system, which is a nuisance for a few reasons:

1.  I have to maintain a table of each IP/MAC address
2.  Modifying the cache requires admin privileges

If that's my only solution, I'll likely write a script and have the systems run it on startup as a local admin user.

Are there any other solutions to prevent ARP cache poisoning?
Question by:shawnsouthern
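As an added example (not code from the original thread), here is the kind of startup script the question describes, written in Python: it reads the host's current `arp -a` output (a constructed Windows XP style sample is embedded), compares the entries for the critical hosts against a trusted IP/MAC table, flags any that no longer match (the symptom of a poisoned cache), and emits the `arp -d` / `arp -s` commands that pin those entries as static. The trusted table, the sample output and every address in it are made up for the example.

```python
"""
Audit a host's ARP cache against a trusted IP->MAC table for the critical
hosts (gateway, firewall, servers) and emit the commands that pin them as
static entries.  Added example for the thread above; all addresses are
constructed, not real.
"""
import re

# Trusted mappings for the hosts worth pinning (constructed).
TRUSTED = {
    "192.168.1.1":  "00-0c-29-aa-bb-01",   # default gateway / firewall
    "192.168.1.10": "00-0c-29-aa-bb-02",   # file server
    "192.168.1.11": "00-0c-29-aa-bb-03",   # domain controller
}

# Constructed `arp -a` output.  The gateway entry has been poisoned: it now
# points at a third MAC address.  The DC is already pinned correctly.
SAMPLE_ARP_A = """\
Interface: 192.168.1.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-dd-ee-ff     dynamic
  192.168.1.10          00-0c-29-aa-bb-02     dynamic
  192.168.1.11          00-0c-29-aa-bb-03     static
  192.168.1.77          00-0c-29-11-22-33     dynamic
"""

# One cache line: IPv4 address, MAC (dash or colon separated), entry type.
_ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+(\w+)",
    re.M,
)


def normalize_mac(mac):
    """Canonical form: lowercase, dash separated (what `arp -s` expects)."""
    return mac.lower().replace(":", "-")


def parse_arp_table(text):
    """Return {ip: (mac, type)} parsed from `arp -a` style output."""
    table = {}
    for ip, mac, kind in _ENTRY.findall(text):
        table[ip] = (normalize_mac(mac), kind.lower())
    return table


def audit(trusted, current):
    """List (ip, expected_mac, seen_mac) for every trusted host whose cached
    MAC differs from the trusted one.  That mismatch is what a cache poisoned
    by Cain & Abel looks like from the victim's side."""
    problems = []
    for ip, expected in trusted.items():
        expected = normalize_mac(expected)
        seen = current.get(ip)
        if seen is not None and seen[0] != expected:
            problems.append((ip, expected, seen[0]))
    return problems


def pin_commands(trusted, current):
    """Commands that (re)install the static entries.  Entries that are
    already static with the right MAC are skipped; any other cached entry is
    dropped first so the static one replaces it.  Needs admin rights."""
    cmds = []
    for ip, expected in sorted(trusted.items()):
        expected = normalize_mac(expected)
        seen = current.get(ip)
        if seen == (expected, "static"):
            continue
        if seen is not None:
            cmds.append(f"arp -d {ip}")
        cmds.append(f"arp -s {ip} {expected}")
    return cmds


if __name__ == "__main__":
    cache = parse_arp_table(SAMPLE_ARP_A)
    for ip, want, got in audit(TRUSTED, cache):
        print(f"POISONED? {ip}: trusted {want}, cache has {got}")
    print("\n".join(pin_commands(TRUSTED, cache)))
```

To use it for real, feed `parse_arp_table` the output of `arp -a` (for example via `subprocess.check_output(["arp", "-a"], text=True)`) and run the emitted commands from the startup script as the local admin. One caveat the thread does not spell out: pinning the servers' and gateway's MACs on the clients only protects the clients' view of those hosts. The servers and the gateway keep their own dynamic caches, so the client-to-server direction is protected but replies back to a client can still be redirected unless those caches are pinned as well or the switch enforces the mappings.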
4 Comments

Expert Comment

by:Danny_Larouche
ID: 17939342
I have been asking manufacturers such as Cisco and 3COM for such a security feature for many years. I have never found any managed switch that offers ARP security. A very simple concept to implement would be to have an ARP proxy service in departmental switches.

Instead of having ARP broadcasts travelling across the whole subnet, causing useless traffic, the switch would simply answer the request, detect MAC/IP spoofing and react proactively. It is unbelievable, but no layer 3 switches have such a feature yet in 2006!!!

Manually entering those MAC entries in each host takes a lot of time. It will be a nightmare each time you have to change a network card or add a new host to the network.

Author Comment

by:shawnsouthern
ID: 17939379
If I have to, I'd only add ARP entries for the servers, routers, firewalls, etc.  I don't plan on doing it for each system - that would be extremely tedious, vs. somewhat tedious.

What I'd like to know is if there is something I can implement NOW to protect my systems, or am I stuck writing a script and deploying it?

Author Comment

by:shawnsouthern
ID: 17940479
Just to clarify, I'd use a script to manage the ARP tables... I don't manually do ANYTHING... :)

Accepted Solution

by:marce_lito (earned 250 total points)
ID: 17942410
To help prevent ARP poisoning you can enable port security on the ports connected to the servers... the main reason to do this is to prevent ARP spoofing (poisoning with a spoofed MAC address), but it also helps prevent the poisoning itself...

Also, there's a Linux program called arpwatch that logs ARP mappings and can be set to report changes via email... it can be really helpful to see the guy responsible for the poisoning...

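To show what the arpwatch approach from the accepted answer actually detects, here is an added, simplified re-implementation of its core logic in Python (this is example code, not the arpwatch source). arpwatch sniffs ARP replies and keeps a database of which MAC each IP was last seen with; it mails a "changed ethernet address" report when an IP shows up with a new MAC and a "flip flop" when the IP bounces back to a previously seen one. Poisoning by Cain & Abel produces exactly that pattern, because the attacker's forged replies compete with the real host's. The example replays a constructed stream of ARP replies through that logic and adds one extra heuristic not in arpwatch: a single MAC that has answered for more than one IP, which is what an attacker poisoning both ends of a conversation looks like. All addresses and timestamps are made up.

```python
"""
arpwatch-style ARP monitor over a constructed ARP reply stream.  Added
example; simplified re-implementation of arpwatch's change detection,
not its source.  Addresses and timestamps are made up.
"""
from collections import defaultdict, namedtuple

ArpReply = namedtuple("ArpReply", "ts sender_ip sender_mac")

# Constructed reply stream.  10.0.0.1 is the gateway at ...:01, 10.0.0.20 a
# workstation at ...:20.  From ts=300 an attacker at ...:ee answers for both,
# and the real gateway's own replies keep interleaving with the forged ones.
REPLIES = [
    ArpReply(100, "10.0.0.1",  "00:11:22:33:44:01"),
    ArpReply(110, "10.0.0.20", "00:11:22:33:44:20"),
    ArpReply(200, "10.0.0.1",  "00:11:22:33:44:01"),   # nothing changed
    ArpReply(300, "10.0.0.1",  "00:11:22:33:44:ee"),   # attacker claims gateway
    ArpReply(310, "10.0.0.20", "00:11:22:33:44:ee"),   # ... and the workstation
    ArpReply(330, "10.0.0.1",  "00:11:22:33:44:01"),   # real gateway answers
    ArpReply(340, "10.0.0.1",  "00:11:22:33:44:ee"),   # attacker re-poisons
]


class ArpMonitor:
    """Keeps the ip -> (current mac, previous mac, last seen) database that
    arpwatch maintains and records the events it would report."""

    def __init__(self):
        self.db = {}                       # ip -> {"mac", "prev", "ts"}
        self.ips_by_mac = defaultdict(set) # mac -> every ip it answered for
        self.events = []                   # (kind, ip, new_mac, old_mac)

    def observe(self, reply):
        ip, mac, ts = reply.sender_ip, reply.sender_mac.lower(), reply.ts
        self.ips_by_mac[mac].add(ip)
        entry = self.db.get(ip)
        if entry is None:
            self.db[ip] = {"mac": mac, "prev": None, "ts": ts}
            self._report("new station", ip, mac, None)
            return
        if entry["mac"] == mac:
            entry["ts"] = ts               # same pairing, just refresh
            return
        # The IP moved.  Returning to the MAC we saw before the last change
        # is arpwatch's "flip flop"; anything else is a plain change.
        kind = "flip flop" if mac == entry["prev"] else "changed ethernet address"
        self._report(kind, ip, mac, entry["mac"])
        entry["prev"], entry["mac"], entry["ts"] = entry["mac"], mac, ts

    def _report(self, kind, ip, mac, old):
        self.events.append((kind, ip, mac, old))

    def spoofers(self):
        """MACs that answered for more than one IP.  Not an arpwatch check;
        added here because an attacker poisoning both sides of a
        conversation claims both addresses from one interface."""
        return sorted(m for m, ips in self.ips_by_mac.items() if len(ips) > 1)


def run(replies):
    """Replay a reply stream and return the populated monitor."""
    monitor = ArpMonitor()
    for reply in replies:
        monitor.observe(reply)
    return monitor


if __name__ == "__main__":
    m = run(REPLIES)
    for kind, ip, mac, old in m.events:
        print(f"{kind:>24}: {ip} now {mac}" + (f" (was {old})" if old else ""))
    print("MACs answering for several IPs:", m.spoofers())
```

Two practical notes. First, the MAC the reports name is the one to track down on the switch's forwarding table (`show mac address-table` on Cisco IOS), which is how arpwatch helps find "the guy responsible" as the answer says. Second, both checks produce false positives on a normal network: DHCP handing an address to a different machine, a replaced network card or a router with several addresses on one interface all look like a change or a multi-IP MAC, so treat the reports as leads to confirm rather than proof of an attack.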