About IP spoofing...attack

Unanswered Question
Oct 29th, 2007

Hi, I have a question.

An ARP spoofing attack took down part of our network.

I want to prevent this attack.

I found DAI on the Cisco website.

But our network is a non-DHCP environment.

I read the Cisco document on DAI.

According to the document, you configure ARP ACLs in a non-DHCP environment.

But we have over 1000 hosts.

Do we have to enter over 1000 ARP ACL entries on the C6509?

Please, is there another way?

jsivulka Fri, 11/02/2007 - 07:04

One of the IOS features that you are probably interested in is called Unicast Reverse-Path verification. There are other mechanisms as well such as Access Control Lists that can help protect against IP Address spoofing.

Below is a link that explains in more detail the Unicast Reverse-Path verification:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_i2g.htm#wp1097947

Enabling DHCP Snooping is fairly straightforward; here is the guide:

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a00801cddbc.html


clarkl2006 Sat, 11/03/2007 - 11:30

Thanks for your reply.

But the attacking server is located in the same VLAN.

This server was flooding one MAC address and all the IP addresses of the VLAN.

In the end, all hosts in the same VLAN went down.

If one MAC address has many IP addresses (attacking), is it possible to limit it to one MAC address per IP address? Like a limit on the number of MAC addresses.

I want to defend against a local IP flooding attack.

Now I have mapped the IP and MAC addresses of the important servers.

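An added example, not written by either poster and not Cisco's own tooling: for the non-DHCP case raised in the thread, the ARP ACL for DAI can be generated from an IP/MAC inventory rather than typed by hand, and the same pass can flag any MAC address that claims many IP addresses, the pattern described in the last post. The inventory lines, the ACL name `STATIC-HOSTS` and VLAN 20 are constructed values.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed inventory ("ip mac" per line); not real hosts.
SAMPLE = """\
10.1.20.11 00:11:22:33:44:0b
10.1.20.12 00-11-22-33-44-0C
10.1.20.13 0011.2233.440d
10.1.20.14 de:ad:be:ef:00:01
10.1.20.15 de:ad:be:ef:00:01
10.1.20.16 de:ad:be:ef:00:01
"""

def cisco_mac(mac):
    """Normalise common MAC notations to the IOS dotted form xxxx.xxxx.xxxx."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_bindings(text):
    """Return {mac: [ip, ...]} from 'ip mac' lines, validating both fields."""
    by_mac = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ip, mac = line.split()
            by_mac[cisco_mac(mac)].append(str(ipaddress.IPv4Address(ip)))
    return by_mac

def suspicious(by_mac, max_ips=1):
    """MACs claiming more than max_ips addresses; raise max_ips for multi-homed hosts."""
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > max_ips}

def arp_acl(by_mac, name, vlan, max_ips=1):
    """Render IOS ARP ACL lines for bindings that pass the check above."""
    bad = suspicious(by_mac, max_ips)
    lines = [f"arp access-list {name}"]
    for mac, ips in by_mac.items():
        if mac not in bad:
            lines += [f" permit ip host {ip} mac host {mac}" for ip in ips]
    lines.append(f"ip arp inspection filter {name} vlan {vlan}")
    return lines

if __name__ == "__main__":
    bindings = parse_bindings(SAMPLE)
    print("review before permitting:", suspicious(bindings))
    print("\n".join(arp_acl(bindings, "STATIC-HOSTS", 20)))
```

Bindings held back by the check need a manual decision before they are added to the ACL; DAI itself still has to be enabled on the VLAN for the filter to take effect.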