Search This Blog

Friday, January 09, 2009

firewall-wizards Digest, Vol 33, Issue 1

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Windows dynamic ARP (James)


----------------------------------------------------------------------

Message: 1
Date: Wed, 7 Jan 2009 16:25:45 +1100
From: James <jimbob.coffey@gmail.com>
Subject: Re: [fw-wiz] Windows dynamic ARP
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<343aa4f80901062125v521e85deh7e963bc5dc55889f@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

>> Actually an easier way would be to use the requestedresponse filter in
>> Xarp. This only allows a response if your host generated a request.
>> If you are static mapping ip to mac you should never generate a
>> request.
>
>
> Unfortunately XArp can't really 'filter' (drop) the packets, but alert you.

I am sure you will correct me Chris (You did write the tool after all
;-) but I was under the impression the requestedresponse filter
actually dropped a response to the host Xarp is running on if the host
didn't issue an arp request ?

> I am currently working on a Linux port where writing a network driver for

wouldn't arptables
http://ebtables.sourceforge.net/arptables-man.html
be able to handle the linux side of things ?

> If you want to get an overview of mechanisms available for ARP attack
> detection, you can have a look at a (yet incomplete) presentation I once
> started: http://www.chrismc.de/development/xarp/arp_security_tools.html
> (http://www.chrismc.de/development/xarp/Securing_ARP_0_2_0.pdf)

You could also possibly include Cisco's Dynamic Arp Inspection (DAI)
in your line up of products. Sounds good on paper....


--
jac


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 33, Issue 1
***********************************************

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)