Ray Olszewski wrote:
> You can improve security a bit by checking the arp table regularly (every
> minute or so) to make sure the (claimed) arp address of the system using an
> IP address has not changed. This forces an attacket to use link-level
> spoofing, not IP-level spoofing.
arpwatch will do this on a regular basis, logging the results of
changes, new stations, or "flipflops" to syslog as well as sending an
email with all the details (including the maker of the network card if
known).
This is included, I believe, among the Oxygen packages directory, and
probably on one of the network tools disks.
I use it regularly at work, despite all of the noise from using DHCP for
all of our workstations :-)
I use syslog-ng to help filter out the interesting ones, then it pages
me...
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
