Author Topic: how to block, ARP Spoofing  (Read 5071 times)

sunyan

how to block, ARP Spoofing
« on: November 27, 2007, 09:59:08 am »
Hello everyone.
I need your help: how can I block an ARP spoofing attack? I think that is with the sensor settings options---Router parameters, but I don't know how to use them, or whether there are other options. Can anyone help me?

Thanks in advance...

dencio24

Re: how to block, ARP Spoofing
« Reply #1 on: July 06, 2008, 03:14:57 am »
Hi All, I'd just like to inquire if anyone of you has encountered my problem in netscreen ssg 140. During our investigation we found out that our vpn/fw (netscreen) is sending arp spoof on our network; thus, one of our servers becomes intermittent. I tried using ettercap and I've seen that the source of arp spoof (attack) is the interface of my netscreen.

I tried using static arp facing our server but the problem still exists. I cleared the arp then restarted the device but it didn't resolve the problem.

Can anyone please provide me a better idea on how to resolve this weird problem I'd encountered?

Thanks,

Capt_Winters

Re: how to block, ARP Spoofing
« Reply #2 on: September 18, 2008, 02:10:16 am »
also..what about port blocking....

Capt_Winters

Re: how to block, ARP Spoofing
« Reply #3 on: September 18, 2008, 03:22:16 am »
I just figured it out...

I created a service object - custom, then defined the ports that were being used where I wanted it to be blocked.

I created a policy, say, from mail server as destination, service is the port that I created, then action - drop connection.

aweck

Re: how to block, ARP Spoofing
« Reply #4 on: September 18, 2008, 08:39:39 am »
Hi All, just like to inquire if anyone of you have encountered my problem in netscreen ssg 140. During our investigation we found out that our vpn/fw (netscreen) is sending arp spoof on our network thus, one of our servers becomes intermittent. I tried using ettercap and I've seen that the source of arp spoof (attack) is the interface of my netscreen,

Sounds like you might have a conflicting MIP or VIP.  Aside from assigned IP addresses, Netscreen only responds to ARP requests for configured MIPs or VIPs.  What are the IP addresses in question?
JNCIE-ER #63, JNCIE-M #705, JNCIE-SEC, JNCIS-FWV, JNCIS-SSL
http://www.hicnetworks.com/
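
Added example, not part of the original thread or any poster's code: a small triage script for the situation discussed above, which takes ARP replies seen on the wire, finds IPs claimed by more than one MAC, and separates the case where the firewall itself is one of the claimants (the MIP/VIP conflict suggested in the last reply) from an unknown second claimant. All addresses, the firewall MAC/IP sets and the function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (sender IP, sender MAC) pairs from observed ARP replies.
# Every address here is made up for illustration.
OBSERVED_REPLIES = [
    ("192.0.2.10", "00:11:22:aa:bb:01"),   # server answering for itself
    ("192.0.2.10", "02-00-00-00-00-01"),   # firewall interface also answering
    ("192.0.2.1",  "02:00:00:00:00:01"),   # firewall's own interface IP
    ("192.0.2.20", "00:11:22:aa:bb:02"),
    ("192.0.2.20", "00:11:22:AA:BB:02"),   # same MAC, different case: no conflict
    ("192.0.2.30", "00:11:22:aa:bb:03"),
    ("192.0.2.30", "02:00:00:00:00:99"),   # unknown second claimant
]
FIREWALL_MACS = {"02:00:00:00:00:01"}      # assumed: MAC(s) of the firewall interfaces
FIREWALL_IPS = {"192.0.2.1"}               # assumed: IPs assigned to those interfaces


def normalize_mac(mac):
    """Lower-case and colon-separate a MAC so '02-00-..' equals '02:00:..'."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_arp_conflicts(replies, firewall_macs, firewall_ips):
    """Return {ip: (sorted MACs, verdict)} for each IP claimed by more than one MAC."""
    fw_macs = {normalize_mac(m) for m in firewall_macs}
    claims = defaultdict(set)
    for ip, mac in replies:
        claims[ip].add(normalize_mac(mac))
    conflicts = {}
    for ip, macs in claims.items():
        if len(macs) < 2:
            continue
        if macs & fw_macs and ip not in firewall_ips:
            # Firewall answers ARP for an IP it does not own: review MIP/VIP entries.
            verdict = "firewall answers for this IP: check MIP/VIP config"
        else:
            verdict = "unknown second claimant: investigate host"
        conflicts[ip] = (sorted(macs), verdict)
    return conflicts


if __name__ == "__main__":
    found = find_arp_conflicts(OBSERVED_REPLIES, FIREWALL_MACS, FIREWALL_IPS)
    for ip, (macs, verdict) in sorted(found.items()):
        print(f"{ip}: {', '.join(macs)} -> {verdict}")
```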