test 68254

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


--boundarySiFn
Content-Type: text/plain;      charset="iso-8859-1"
Content-Transfer-Encoding

 Address Resolution Protocol (ARP), because of its simpleness, fastness, an=
d effectiveness, is becoming increasingly popular among internet raggers, t=
hus causing severe influence to the internet environment.
ARP spoofing, =
also known as ARP poisoning or ARP Poison Routing (APR), is a technique use=
d to attack an Ethernet wired or wireless network which may allow an attack=
er to sniff data frames on a local area network (LAN), modify the traffic, =
or stop the traffic altogether (known as a denial of service attack). The a=
ttack can obviously only happen on networks that indeed make use of ARP and=
 not another method.
0AFirst, let me introduce you the tools I use are =
Ax3soft Sax2, there are many such tools, such as Sniffer, Snort, Ethereal, =
etc, I do not think that the Sax2 is the best tool, I just think that Sax2 =
is easy-to-use, it can quickly and accurately locate ARP source when ARP at=
tack happens to the network, so as to ensure normal and reliable network op=
eration.=0A=0ASolution:=0AFirst, launch sax2 and switch to the Diagnosis Vi=
ew.=0ADiagnosis View is the most direct and effective place to locate ARP a=
ttack and should be our first choice. Its interface is displayed as picture=
1.=0A=0A  [img]http://www.ids-sax2.com/articles/images/QuickLocateARPAttack =
Source.gif[/img]                                                        (pi=
cture1)=0A=0APicture 1 definitely points out that there are two kinds of AR=
P attack event, ARP Scan and ARP MAC address changed, in the network, and t=
he attack source is clearly given at the bottom. Meanwhile, Sax2 NIDS will =
provide reasons of such ARP attacks and corresponding solutions.

aaEHHiHH=3D*EkN!SXykJa*snFD
--boundarySiFn
Content-Type: text/html;      charset="iso-8859-1"
Content-Transfer-Encoding

<HTML><HEAD></HEAD>
<BODY contentEditable=3Dtrue>
<P>&nbsp;Address Resolution Protocol (ARP), because of its simpleness, fastness, and effectiveness, is becoming increasingly popular among internet ra=
ggers, thus causing severe influence to the internet environment. <BR>ARP s=
poofing, also known as ARP poisoning or ARP Poison Routing (APR), is a tech=
nique used to attack an Ethernet wired or wireless network which may allow =
an attacker to sniff data frames on a local area network (LAN), modify the =
traffic, or stop the traffic altogether (known as a denial of service attac=
k). The attack can obviously only happen on networks that indeed make use o=
f ARP and not another method. </P>

<P>First, let me introduce you the tools I use are Ax3soft Sax2, there are many such tools, such as Sniffer, Snort, Ethereal, etc, I do not think that=
 the Sax2 is the best tool, I just think that Sax2 is easy-to-use, it can q=
uickly and accurately locate ARP source when ARP attack happens to the netw=
ork, so as to ensure normal and reliable network operation.</P>

<P>Solution:<BR>First, launch sax2 and switch to the Diagnosis View.<BR>Diagnosis View is the most direct and effective place to locate ARP attack and=
 should be our first choice. Its interface is displayed as picture1.</P>

<P>&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (picture1)</P>

<P>Picture 1 definitely points out that there are two kinds of ARP attack event, ARP Scan and ARP MAC address changed, in the network, and the attack =
source is clearly given at the bottom. Meanwhile, Sax2 NIDS will provide re=
asons of such ARP attacks and corresponding solutions.</P></BODY></HTML><br=

Quoted text here. Click to load it
--boundarySiFn--


Site Timeline