satish_zanjurne Mon, 10/13/2008 - 05:42


Hi,


DAI (Dynamic ARP Inspection) is the feature that will help you on switches & routers.


Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.


Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch performs these activities:


• Intercepts all ARP requests and responses on untrusted ports

• Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination

• Drops invalid ARP packets



For PIX/ASA


ARP Inspection is the feature that prevents malicious users from impersonating other hosts or routers (known as ARP spoofing). ARP spoofing can enable a “man-in-the-middle” attack.



HTH...rate if helpful..
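
Added example, not part of the original post and not Cisco code: a small Python model of the three steps listed above (intercept on untrusted ports, check the sender's IP-to-MAC binding, drop on mismatch). The binding table, port names, addresses and the choice to include the ingress port in the binding are assumptions made for this illustration.

```python
import socket
import struct

# Constructed binding table: (vlan, ip) -> (mac, port). On a real switch these
# entries come from DHCP snooping or static ARP ACLs.
BINDINGS = {
    (10, "10.0.10.5"): ("00:11:22:33:44:55", "Gi0/5"),
    (10, "10.0.10.1"): ("00:aa:bb:cc:dd:01", "Gi0/1"),
}
TRUSTED_PORTS = {"Gi0/1"}  # e.g. the uplink; ARP arriving here is not inspected


def parse_arp(payload: bytes):
    """Return (opcode, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha = ":".join(f"{b:02x}" for b in payload[8:14])
    spa = socket.inet_ntoa(payload[14:18])
    return oper, sha, spa


def inspect(port: str, vlan: int, payload: bytes) -> str:
    """Model of the per-packet decision: 'forward' or 'drop: <reason>'."""
    if port in TRUSTED_PORTS:
        return "forward"
    try:
        _, sha, spa = parse_arp(payload)
    except ValueError as exc:
        return f"drop: {exc}"
    binding = BINDINGS.get((vlan, spa))
    if binding is None:
        return f"drop: no binding for {spa}"
    if binding != (sha, port):
        return f"drop: {spa} claimed by {sha} on {port}"
    return "forward"


def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed ARP payload; used only for the sample packets below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac(sha)
            + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa))


GOOD = build_arp(2, "00:11:22:33:44:55", "10.0.10.5", "00:aa:bb:cc:dd:01", "10.0.10.1")
SPOOF = build_arp(2, "00:11:22:33:44:55", "10.0.10.1", "00:de:ad:be:ef:02", "10.0.10.9")
```

`GOOD` is a reply whose sender fields match the binding table; `SPOOF` is a reply in which the host on Gi0/5 claims the gateway's IP, which the model drops on an untrusted port.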