Re: Config cisco switches against arpspoofing

From: Max (max@neuropunks.org)
Date: Thu May 16 2002 - 15:58:51 EDT


Cisco switches support MAC address locking, meaning that a given port on a
switch won't let traffic through unless source MAC address is the one it
knows.
This is similar in function on UNIX's /etc/ethers I suppose.
At the interface config option issue "port secure" command, then you can
either let the switch learn MAC's and lock them in, or you can do static
MAC-IP mapping. If switch sees traffic that doesn't belong on a specific
port, it will either
1. suspend the port for some time
2. disable port till you re-enable it
3. do nothing but log the bogus traffic
your choice.
Don't remember how to do all of it off the top of my head, so look on
cisco's site for docs.

Max

On 15 May 2002, Vs Metal wrote:

> Date: 15 May 2002 15:30:04 -0000
> From: Vs Metal <vserpoul@isep.fr>
> To: pen-test@securityfocus.com
> Subject: Config cisco switches against arpspoofing
>
>
>
> I wanna know if there is a definite LAYER 2 ( switch )
> configuration to disable this attack ( root@linux #
> arpspoof -t... ). I heard about private VLANs, but this
> solution doesn't really suit customers'demand. Does anyone
> know another way to disable it ?
>
> thx a lot
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:21 EDT