Date: Sat, 12 Apr 2008 03:19:31 +0200 From: Dan Lukes <dan@obluda.cz> To: freebsd-security@freebsd.org Subject: Re: ARP Poisoning Message-ID: <48000E23.2000907@obluda.cz> In-Reply-To: <4d4dc3640804111658k16a4b27fr5b8dff7f3997f927@mail.gmail.com> References: <4d4dc3640804111658k16a4b27fr5b8dff7f3997f927@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
budsz napsal/wrote, On 04/12/08 01:58: > I got movement ARP entry to other MAC ADDR > on the same IP ADDR. Everyone know what happen is? Is that ARP > Poisoning. Not necessary. It may be misconfigured computer (configured statically to use an address assigned to another computer). Or there may be an unauthorized DHCP server - for example misconfigured Windows with two or more NICs may run one causing the IP conflicts. Yes, it may be intentional attack also. How to resolve ? You need to found the source of problem and disconnect it. If it is misconfiguration, you may identify the computer via MAC. If it is attack and your LAN is not so large, you may try to disconnect parts of them - when problem disappear you know the segment of the computer you are searching for. If your LAN isn't small you need to consult your switches from where the attacker MAC come. You can't build reliable large LAN with dumb switches, so I'm sure you have smart switches on your LAN. But it seems to me your question has nothing to do with FreeBSD with the exception that there is one computer with FreeBSD connected to problematic LAN. Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48000E23.2000907>