Re: Solution to ARP spoofing on 3560 and 2960 switches please

Discussion in 'Cisco' started by Muffelmampf@googlemail.com, Apr 20, 2008.

  1. Guest

    Hi,

    you might try XArp2 to monitor LAN subnets. Have a look at it here:
    http://www.chrismc.de/development/xarp/

    Regards,
    Chris

    On Apr 8, 4:54 pm, Sanal Kisi <> wrote:
    > Hi,
    >
    > We have a Cisco6500 as the backbone and a 3560 as router in each of
    > the edges (buildings). Connected to 3560's there are 2960's. Each of
    > the buildings have their own VLAN/subnets.
    >
    > Recently we found out that infected PC's in every building are sending
    > strange ARP packets and announcing themselves as the gateway of the
    > subnet/VLAN. As a result, instead of using the real gateway (the 3560)
    > all the other users start communicating with the infected PC thinking
    > it is the gateway.
    >
    > With this strategy, the infected PC serves as the gateway when
    > communicting with the normal PC's but also injecting extra
    > virus/infections when providing data to them.
    >
    > I have found that this operation is called Address Resolution Protocol
    > (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing
    > (APR). (http://en.wikipedia.org/wiki/ARP_spoofing).
    >
    > As a solution DHCP spoofing (Dynamic ARP Inspection.) is recommended
    > (http://en.wikipedia.org/wiki/DHCP_snooping). The only problem here is
    > that, 3560's support "Dynamic ARP Inspection" but not the 2960's.
    >
    > I want to believe and hope that there is a solution available to this
    > problem which affects our thousands of users.
    >
    > Regards.
     
    , Apr 20, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ned
    Replies:
    3
    Views:
    16,051
  2. Trendkill
    Replies:
    7
    Views:
    1,373
  3. News Reader
    Replies:
    0
    Views:
    484
    News Reader
    Apr 9, 2008
  4. Paul Matthews
    Replies:
    0
    Views:
    474
    Paul Matthews
    Apr 9, 2008
  5. News Reader
    Replies:
    0
    Views:
    543
    News Reader
    Apr 10, 2008
Loading...

Share This Page