A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows ME » Networking
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

Detect ARP poisoning(ARP spoofing) & ARP flooding



 
 
Thread Tools Display Modes
  #1  
Old March 9th 09, 02:39 AM posted to microsoft.public.windowsme.networking
Andy.h
External Usenet User
 
Posts: 1
Default Detect ARP poisoning(ARP spoofing) & ARP flooding

Address Resolution Protocol (ARP), because of its simpleness, fastness, and
effectiveness, is becoming increasingly popular among internet raggers, thus
causing severe influence to the internet environment.
ARP spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a
technique used to attack an Ethernet wired or wireless network which may
allow an attacker to sniff data frames on a local area network (LAN), modify
the traffic, or stop the traffic altogether (known as a denial of service
attack). The attack can obviously only happen on networks that indeed make
use of ARP and not another method.

First, let me introduce you the tools I use are Ax3soft Sax2, there are many
such tools, such as Sniffer, Snort, Ethereal, etc, I do not think that the
Sax2 is the best tool, I just think that Sax2 is easy-to-use, it can quickly
and accurately locate ARP source when ARP attack happens to the network, so
as to ensure normal and reliable network operation.

Solution:
First, launch sax2 and switch to the Diagnosis View.
Diagnosis View is the most direct and effective place to locate ARP attack
and should be our first choice. Its interface is displayed as picture1.


[img]http://www.ids-sax2.com/articles/images/QuickLocateARPAttackSource.gif[
/img] (picture1)

Picture 1 definitely points out that there are two kinds of ARP attack
event, ARP Scan and ARP MAC address changed, in the network, and the attack
source is clearly given at the bottom. Meanwhile, Sax2 NIDS will provide
reasons of such ARP attacks and corresponding solutions.


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
US-CERT TCSA TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning MEB[_2_] General 14 July 26th 08 05:11 PM
CPU spoofing utility? Dan General 0 April 13th 05 09:21 AM
When and how should W98 detect ..... jona General 5 October 1st 04 10:47 PM
flooding on the zone Tired of Getting Booted General 9 September 17th 04 08:28 PM


All times are GMT +1. The time now is 07:42 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.