On Thu, 3 Feb 2005, Paul Melson wrote:

> A more manageable defense against ARP poisoning attacks is to configure your
> switches to prevent against MAC address spoofing. Cisco switches, for
> example, can statically map the MAC address of the interface connected to a
> given port (good for servers), as well as limit the number of MAC addresses
> that can appear on a given port (good for workstations, conference rooms,
> hotel rooms, etc.).
802.1q and Cisco PVLANs will suffice by segmentation to minimize the effects of programs like Cain and Abel. However, most people forget that at the core level any product, be it a switch (layer 2 or 3) or router, will still have to listen for broadcasts in order to get MAC information to delegate traffic. If someone just wanted to sit there and DoS your ARP tables to oblivion it wouldn't be hard. VLAN tagging has its insecurities as well. You could likely just roast someone's connection if you're on their segment as well via spoofing; however, you're limited to that segment.

http://infiltrated.net/cisco/pvlans.html
http://infiltrated.net/cisco/vlan-insecurities.html
http://infiltrated.net/cisco/vlan-tagging-101.html
http://infiltrated.net/cisco/vla-tagging.pdf

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x0D99C05C
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0D99C05C

sil @ infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
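The two Cisco port-security patterns Paul Melson describes (a pinned MAC on a server port, a MAC-count cap on a workstation port), written out as an added example that is not configuration from either poster; the interface names, VLAN numbers and the MAC address are assumed placeholders:

```cisco
! Server port: only the one MAC the host is known to use may appear here.
! 0011.2233.4455 is a placeholder, not a real address.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation shutdown
!
! Workstation / conference-room port: cap how many MACs the port will learn,
! remember the first ones it sees, and drop (and log) anything beyond the cap
! without taking the port down.
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Let err-disabled server ports recover on their own after the default timer
! instead of needing a manual shutdown / no shutdown.
errdisable recovery cause psecure-violation
!
! Verification: current state, configured vs. learned MACs, violation count.
show port-security interface GigabitEthernet0/1
show port-security address
```

Port security checks the source MAC of incoming frames, so it limits MAC spoofing and MAC-table flooding on that port, but a host that sends forged ARP replies from its own legitimate MAC passes it unchanged, which is why the thread treats it as one layer alongside segmentation rather than a complete answer.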
