10-13-2008 05:00 AM - edited 03-06-2019 01:53 AM
Hi all, is there any way of protecting my network against arp poisoning attacks etc?
cheers
Carl
10-13-2008 05:42 AM
Hi,
DAI ( Dynamic ARP Inspection ) is the feature will help you on switches & routers.
Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.
Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
â¢Intercepts all ARP requests and responses on untrusted ports
â¢Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination
â¢Drops invalid ARP packets
For PIX/ASA
ARP Inspection is the feature that will prevents malicious users from impersonating other hosts or routers (known as
ARP spoofing). ARP spoofing can enable a âman-in-the-middleâ attack.
HTH...rate if helpful..
10-13-2008 06:59 AM
hi there, so how would I set this up on a switch, what is the feature called ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: