10-13-2008 05:00 AM - edited 03-06-2019 01:53 AM
Hi all, is there any way of protecting my network against arp poisoning attacks etc?
cheers
Carl
10-13-2008 05:42 AM
Hi,
DAI ( Dynamic ARP Inspection ) is the feature will help you on switches & routers.
Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.
Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
â¢Intercepts all ARP requests and responses on untrusted ports
â¢Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination
â¢Drops invalid ARP packets
For PIX/ASA
ARP Inspection is the feature that will prevents malicious users from impersonating other hosts or routers (known as
ARP spoofing). ARP spoofing can enable a âman-in-the-middleâ attack.
HTH...rate if helpful..
10-13-2008 06:59 AM
hi there, so how would I set this up on a switch, what is the feature called ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide