How do you defend against ARP Spoofing?

A. Use ARPWALL system and block ARP spoofing attacks

B. Use private VLANs

C. Tune IDS sensors to look for large amounts of ARP traffic on local subnets

D. Place static ARP entries on servers, workstations and routers

Explanation:
ARPWALL is an open-source tool that gives an early warning when an ARP attack occurs. This tool is still under construction.


destiny

I have another answer which says ARPWALL is a better option; the IDS option will work in case of monitoring traffic from outside the network but not from internal hosts.

hackersmacker

Response A is bollocks in reality

arpWall: Last Update: 2007-07-17
No files for download at Sourceforge & official site

Eddie Guerrero

Actually it was a project that no one donated to, so no one bothered to continue. It used to be here: http://arpwall.sf.net. I think it went by the wayside and Arp-guard was the replacement project. https://www.arp-guard.com/info/support/faq/?lang=english
This test is damn old, so maybe it's a carry-over from back-in-the-day Linux! If private VLANs can be the answer then I guess it's assuming you have only 1 PC plugged into a 1-port VLAN, and only 1 PC plugged into another 1-port VLAN. The minute you trunk that port to lead to multiple devices connecting in a VLAN, and not just that 1 PC, you've potentially lost the layer 2 protection they're claiming VLANs provide, not to mention VLAN hopping.

Adel

ARPWALL - VLANs - Static ARPs
Static ARP entries will definitely stop the attack, but are tedious to implement on larger networks.
VLANs definitely will reduce the impact of such an attack; only the VLAN where the attacker is is affected, other VLANs are fine. And even if the gateway is spoofed, only the secondary IP of the gateway belonging to the affected VLAN is spoofed; the other IPs belonging to the other VLANs are still functional.
IDS sensors cannot help if outside the LAN. Even if inside the LAN, they will only be able to report the incident, but cannot block the attack. Plus, large amounts of ARP traffic doesn't necessarily mean it is an attack; it could still be legitimate traffic.
ARP Wall is a tool used to warn of and block ARP spoofing attacks; not sure if it is 100% done yet.
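As an added example, not from the page or any of the commenters, here is a small Python detector that encodes two points raised in the thread: a trusted binding baseline in the spirit of static ARP entries (option D), and the caveat that a large volume of ARP traffic (option C) is not by itself proof of an attack. All function names, addresses and sample records are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply (constructed record, not a real capture)."""
    ts: float   # seconds since capture start
    ip: str     # sender protocol address (the IP being claimed)
    mac: str    # sender hardware address (the MAC claiming it)

def detect_binding_changes(replies, baseline=None):
    """Return (ts, ip, old_mac, new_mac) for every IP that changes MAC.

    `baseline` plays the role of static ARP entries: trusted bindings the
    operator never expects to move. Unknown IPs are learned on first sight.
    """
    table = dict(baseline or {})
    alerts = []
    for r in replies:
        known = table.get(r.ip)
        if known is None:
            table[r.ip] = r.mac
        elif known != r.mac:
            alerts.append((r.ts, r.ip, known, r.mac))
    return alerts

def arp_rate(replies, window=1.0):
    """Peak number of replies in any `window`-second bucket (volume only)."""
    buckets = Counter(int(r.ts // window) for r in replies)
    return max(buckets.values(), default=0)

# Constructed sample: 40 hosts answer within one second (a legitimate burst,
# e.g. after a reboot or inventory sweep), then a single reply re-claims the
# gateway IP with a different MAC, which is the binding flip a spoof produces.
BASELINE = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}   # hypothetical gateway entry
SAMPLE = [ArpReply(0.1 + i * 0.01, f"192.168.1.{10 + i}", f"bb:bb:bb:bb:bb:{i:02x}")
          for i in range(40)]
SAMPLE.append(ArpReply(2.0, "192.168.1.1", "cc:cc:cc:cc:cc:99"))

def run_sample():
    """Return (binding alerts, peak replies per second) for SAMPLE."""
    return detect_binding_changes(SAMPLE, BASELINE), arp_rate(SAMPLE)

if __name__ == "__main__":
    alerts, peak = run_sample()
    print(f"peak ARP replies/second: {peak} (high volume, not an alert by itself)")
    for ts, ip, old, new in alerts:
        print(f"ALERT t={ts:.1f}s {ip} moved from {old} to {new}")
```

The burst alone raises the rate to 40 replies per second without producing any alert, while the single reply that moves the gateway's IP to a new MAC is flagged against the baseline.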

Ik

The correct answers are ADC.

Private VLANs make it impossible to hop from one server to another.
The other answers are correct.