Solved

Preventing ARP Cache poisoning

Posted on 2006-11-14
4
2,353 Views
Last Modified: 2013-11-13
I'd like to limit my network's exposure to ARP cache poisoning (by tools such as Cain & Abel).

So far, the only solution I have is to add static ARP cache entries for my servers, routers, firewall, etc. to each system, which is a nuisance for a few reasons:

1.  I have to maintain a table of each IP/MAC address
2.  Modifying the cache requires admin privileges

If that's my only solution, I'll likely write a script and have the systems run it on startup as a local admin user.

Are there any other solutions to prevent ARP cache poisoning?
0
Comment
Question by:shawnsouthern
  • 2
4 Comments
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 17939342
I ask such security feature since many years to some manufacturers such as Cisco and 3COM.  I never found any managed switch that offer ARP security. A very simple concept to be implemented whould be to have an ARP proxy service in departemental switches.  

Instead of having ARP broadcast travelling all the subnet, causing useless traffic, the switch would simply answer the request, detect MAC/IP spoofing and react proactively. It is unbelievable, but no layer3 switches have such feature yet in 2006!!!

Manually entering thoses MAC entries in each host take a lot of time. It will be a nightmare each time you have to change the network card or add a new host on the network.
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 17939379
If I have to, I'd only add ARP entries for the servers, routers, firewalls, etc.  I don't plan on doing it for each system - that would be extremely tedious, vs. somewhat tedious.

What I'd like to know is if there is something I can implement NOW to protect my systems, or am I stuck writing a script and deploying it?
0
 
LVL 1

Author Comment

by:shawnsouthern
ID: 17940479
Just to clarify, I'd use a script to manage the arp tables... I don't manually do ANYTHING... :)
0
 
LVL 6

Accepted Solution

by:
marce_lito earned 250 total points
ID: 17942410
to help prevent arp poisoning you can enable port security on the ports connected to the servers... the main reason to do this is to prevent arp spoofing (poisoning with a spoofed mac address) but it also helps preventing  the poisoning itself...

also, there's a linux program called arpwatch that logs arp mappings and can be set to report changes via email... it can be really helpful to see the guy responsible for the poisoning...

0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
adding a printer to QAD 10 68
VMware 6.0 3 72
EIGRP - redistribute without the default route 5 37
QoS for Voip 7 40
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question