Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
468
Views
0
Helpful
2
Replies

Best way to detect and prevent DSNIFF

aonibala
Level 1
Level 1

‎02-04-2004 12:49 PM - edited ‎03-09-2019 06:19 AM

The new CAT6500 with 720 SUP has a security feature by hard-coding the MAC and the default gateway. What other ways to detect and prevent DSNIFF?

Thanks,

Audie

Labels:
0 Helpful
2 Replies 2

wong34539
Level 6
Level 6

‎02-11-2004 06:55 AM

ARP Watch - one method to sniff on a switched network is to ARP spoof the gateway. A utility called arpwatch can be used to monitor the arp cache of a machine to see if there is duplication for a machine. If there is, it could trigger alarms and lead to detection of sniffers

0 Helpful

mcerha
Level 3
Level 3

‎02-11-2004 02:10 PM

4.x sensors contain the ATOMIC.ARP engine which has signature to detect ARP cache poisoning type attacks used by tool like Dsniff. Keep in mind that the IDS must be on the same physical segment (or VLAN) as the attacker to detect this type of attack. See the 71xx signatures for more information.

0 Helpful
Customers Also Viewed These Support Documents