Solved

Preventing ARP Cache poisoning

Posted on 2006-11-14
4
2,359 Views
Last Modified: 2013-11-13
I'd like to limit my network's exposure to ARP cache poisoning (by tools such as Cain & Abel).

So far, the only solution I have is to add static ARP cache entries for my servers, routers, firewall, etc. to each system, which is a nuisance for a few reasons:

1.  I have to maintain a table of each IP/MAC address
2.  Modifying the cache requires admin privileges

If that's my only solution, I'll likely write a script and have the systems run it on startup as a local admin user.

Are there any other solutions to prevent ARP cache poisoning?
0
Comment
Question by:shawnsouthern
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 17939342
I ask such security feature since many years to some manufacturers such as Cisco and 3COM.  I never found any managed switch that offer ARP security. A very simple concept to be implemented whould be to have an ARP proxy service in departemental switches.  

Instead of having ARP broadcast travelling all the subnet, causing useless traffic, the switch would simply answer the request, detect MAC/IP spoofing and react proactively. It is unbelievable, but no layer3 switches have such feature yet in 2006!!!

Manually entering thoses MAC entries in each host take a lot of time. It will be a nightmare each time you have to change the network card or add a new host on the network.
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 17939379
If I have to, I'd only add ARP entries for the servers, routers, firewalls, etc.  I don't plan on doing it for each system - that would be extremely tedious, vs. somewhat tedious.

What I'd like to know is if there is something I can implement NOW to protect my systems, or am I stuck writing a script and deploying it?
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 17940479
Just to clarify, I'd use a script to manage the arp tables... I don't manually do ANYTHING... :)
0
 
LVL 6

Accepted Solution

by:
marce_lito earned 250 total points
ID: 17942410
to help prevent arp poisoning you can enable port security on the ports connected to the servers... the main reason to do this is to prevent arp spoofing (poisoning with a spoofed mac address) but it also helps preventing  the poisoning itself...

also, there's a linux program called arpwatch that logs arp mappings and can be set to report changes via email... it can be really helpful to see the guy responsible for the poisoning...

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question