Detect ARP poisoning (ARP spoofing) & ARP flooding

Discussion in 'Windows Networking' started by Andy.h, Mar 9, 2009.

  1. Andy.h

    Andy.h Guest

    Address Resolution Protocol (ARP), because of its simplicity, speed, and
    effectiveness, is becoming increasingly popular among internet raggers, thus
    severely affecting the internet environment.
    ARP spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a
    technique used to attack an Ethernet wired or wireless network which may
    allow an attacker to sniff data frames on a local area network (LAN), modify
    the traffic, or stop the traffic altogether (known as a denial of service
    attack). The attack can obviously only happen on networks that indeed make
    use of ARP and not another method.

    First, let me introduce the tool I use, Ax3soft Sax2. There are many
    such tools, such as Sniffer, Snort, Ethereal, etc. I do not think that
    Sax2 is the best tool; I just think that Sax2 is easy to use. It can quickly
    and accurately locate the ARP source when an ARP attack happens on the
    network, so as to ensure normal and reliable network operation.

    Solution:
    First, launch Sax2 and switch to the Diagnosis View.
    Diagnosis View is the most direct and effective place to locate an ARP attack
    and should be our first choice. Its interface is shown in picture 1.


    http://www.ids-sax2.com/articles/images/QuickLocateARPAttackSource.gif
    (picture 1)

    Picture 1 definitely points out that there are two kinds of ARP attack
    events, ARP Scan and ARP MAC address changed, in the network, and the attack
    source is clearly given at the bottom. Meanwhile, Sax2 NIDS will provide
    reasons for such ARP attacks and corresponding solutions.
     
    Andy.h, Mar 9, 2009
    #1
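
The two event types named in the post, ARP Scan and ARP MAC address changed, can be detected from raw ARP frames with a small amount of state. The sketch below is an added example, not part of the original post and not Sax2's own logic; the threshold, the time window, the class and function names, and every frame fed to it are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

SCAN_THRESHOLD = 5  # assumption: distinct targets from one MAC that count as a scan
WINDOW = 10.0       # assumption: seconds over which targets are counted

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    # EtherType 0x0806, then htype=1, ptype=0x0800, hlen=6, plen=4
    if len(frame) < 42 or frame[12:20] != b"\x08\x06\x00\x01\x08\x00\x06\x04":
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    dotted = lambda raw: ".".join(str(b) for b in raw)
    return op, mac, dotted(frame[28:32]), dotted(frame[38:42])

class ArpMonitor:
    def __init__(self):
        self.bindings = {}                 # sender IP -> last MAC that claimed it
        self.requests = defaultdict(list)  # sender MAC -> [(time, target IP)]
        self.flagged = set()               # MACs already reported as scanners

    def observe(self, ts, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        op, mac, sip, tip = parsed
        alerts = []
        if sip != "0.0.0.0":  # ARP probes carry no sender IP to bind
            old = self.bindings.get(sip)
            if old is not None and old != mac:
                alerts.append(("mac_changed", sip, old, mac))
            self.bindings[sip] = mac
        if op == 1:  # request: track how many distinct IPs this MAC asks for
            recent = [(t, ip) for t, ip in self.requests[mac] if ts - t <= WINDOW]
            recent.append((ts, tip))
            self.requests[mac] = recent
            targets = {ip for _, ip in recent}
            if len(targets) >= SCAN_THRESHOLD and mac not in self.flagged:
                self.flagged.add(mac)
                alerts.append(("arp_scan", mac, len(targets)))
        return alerts

def make_frame(op, smac, sip, tip):
    """Build a constructed 42-byte ARP frame (sample data, not captured traffic)."""
    m = bytes.fromhex(smac.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return b"\xff" * 6 + m + b"\x08\x06" + hdr + m + ip(sip) + b"\x00" * 6 + ip(tip)
```

A `mac_changed` alert also fires on legitimate events such as a replaced network card or a reassigned DHCP lease, so it is a lead to check against the known gateway and server MACs rather than proof of poisoning.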