Apologies. I just clarified this with one of our engineers. In the process of identifying the issue our engineers performed packet dumps at various locations within our network. In one of the packet dumps 65% of the packets that were captured were ARP requests. So, whether what our engineer said as unclear, or I simply misunderstood him; either way there was a miscommunication, and I sincerely apologize for that. I did confirm again that the target was a Chase-owned IP address, but figuring out the details of what was being attacked wasn't our focus. We simply wanted to stop it.
Warm Regards, Jordan Michaels On 01/29/2014 12:49 AM, Jochem van Dieten wrote: > > On Wed, Jan 29, 2014 at 2:28 AM, Russ Michaels wrote: > >> perhaps this will help. >> http://www.watchguard.com/infocenter/editorial/135324.asp > > > That is the traditional ARP attack in which the request is broadcasted and > the reply has the IP address. That has the consequence of redirecting > normal, local traffic to the spoofed address. > That does nothing to explain how you flood ARP requests to an IP address. > ARP runs on ethernet, not on IP, so it can not have an IP address as a > destination, only an ethernet address. > > Jochem > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357521 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
