Defenses

• Increase MAC table entry timeouts in switches to minimize switch leakage
• Allow only encrypted terminal sessions/file transfers (e.g, SSH, Kerberized telnet and ftp w/encryption enabled)
• Use arpwatch to keep track of ethernet/IP address pairings
• Turn off ARP and use static ARP tables
• Or if you really want to go wild trying to detect these attacks, see: Implementing A Generalized Tool For Network Monitoring, by Marcus J. Ranum, et al, Network Flight Recorder, Inc. and check out Snort (a lightweight, free intrusion detection system, or "IDS")
• Eventually, IPSec (see RFC 2401) and IPv6 should help

References

• The IETF IP Security Working Group News
• Some IPSEC weaknesses by Steve Bellovin (smb@research.att.com)
• Swan: Securing the Internet against Wiretapping

[End] | [Prev]