Do you have a question? Post it now! No Registration Necessary. Now with pictures!
March 6, 2009, 3:38 am
rate this thread
Content-Type: text/plain; charset="iso-8859-1"
Content-Type: text/html; charset="iso-8859-1"
<P> Address Resolution Protocol (ARP), because of its simpleness, fastness, and effectiveness, is becoming increasingly popular among internet ra=
ggers, thus causing severe influence to the internet environment. <BR>ARP s=
poofing, also known as ARP poisoning or ARP Poison Routing (APR), is a tech=
nique used to attack an Ethernet wired or wireless network which may allow =
an attacker to sniff data frames on a local area network (LAN), modify the =
traffic, or stop the traffic altogether (known as a denial of service attac=
k). The attack can obviously only happen on networks that indeed make use o=
f ARP and not another method. </P>
<P>First, let me introduce you the tools I use are Ax3soft Sax2, there are many such tools, such as Sniffer, Snort, Ethereal, etc, I do not think that=
the Sax2 is the best tool, I just think that Sax2 is easy-to-use, it can q=
uickly and accurately locate ARP source when ARP attack happens to the netw=
ork, so as to ensure normal and reliable network operation.</P>
<P>Solution:<BR>First, launch sax2 and switch to the Diagnosis View.<BR>Diagnosis View is the most direct and effective place to locate ARP attack and=
should be our first choice. Its interface is displayed as picture1.</P>
<P>Picture 1 definitely points out that there are two kinds of ARP attack event, ARP Scan and ARP MAC address changed, in the network, and the attack =
source is clearly given at the bottom. Meanwhile, Sax2 NIDS will provide re=
asons of such ARP attacks and corresponding solutions.</P></BODY></HTML><br=
- » Detect ARP poisoning(ARP spoofing) & ARP flooding 18019
- — Previous thread in » Anti-Virus Software