02-04-2004 12:49 PM - edited 03-09-2019 06:19 AM
The new CAT6500 with 720 SUP has a security feature by hard-coding the MAC and the default gateway. What other ways are there to detect and prevent DSNIFF?
Thanks,
Audie
02-11-2004 06:55 AM
ARP Watch - one method to sniff on a switched network is to ARP spoof the gateway. A utility called arpwatch can be used to monitor the ARP cache of a machine to see if there is duplication for a machine. If there is, it could trigger alarms and lead to detection of sniffers.
02-11-2004 02:10 PM
4.x sensors contain the ATOMIC.ARP engine, which has signatures to detect ARP cache poisoning type attacks used by tools like Dsniff. Keep in mind that the IDS must be on the same physical segment (or VLAN) as the attacker to detect this type of attack. See the 71xx signatures for more information.
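The ARP-cache duplication check described in the replies above, sketched as an added example (not part of the original thread, and not arpwatch's or the IDS sensor's own code): it compares two `arp -an` snapshots and flags a changed gateway MAC and a MAC that answers for more than one IP. The snapshots, addresses, gateway IP and function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches Linux `arp -an` lines such as:
#   ? (192.0.2.1) at 02:00:00:00:00:01 [ether] on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed sample data (documentation-range IPs, locally administered MACs).
BASELINE_TEXT = """\
? (192.0.2.1) at 02:00:00:00:00:01 [ether] on eth0
? (192.0.2.10) at 02:00:00:00:00:10 [ether] on eth0
? (192.0.2.66) at 02:00:00:00:00:66 [ether] on eth0
"""
CURRENT_TEXT = """\
? (192.0.2.1) at 02:00:00:00:00:66 [ether] on eth0
? (192.0.2.10) at 02:00:00:00:00:10 [ether] on eth0
? (192.0.2.66) at 02:00:00:00:00:66 [ether] on eth0
? (192.0.2.20) at <incomplete> on eth0
"""

def parse_arp(text):
    """Return {ip: mac} for one snapshot; incomplete entries are skipped."""
    return {m["ip"]: m["mac"].lower()
            for m in map(ARP_LINE.search, text.splitlines()) if m}

def check_snapshot(baseline, current, gateway_ip):
    """Compare the current ARP table with a trusted baseline; return findings."""
    findings = []
    # 1. An IP now resolves to a different MAC than the baseline recorded.
    for ip, mac in sorted(current.items()):
        known = baseline.get(ip)
        if known and known != mac:
            sev = "CRITICAL" if ip == gateway_ip else "WARN"
            findings.append((sev, "mac-changed", ip, f"{known} -> {mac}"))
    # 2. One MAC answers for several IPs (the duplication the reply mentions).
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("WARN", "duplicate-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for f in check_snapshot(parse_arp(BASELINE_TEXT), parse_arp(CURRENT_TEXT),
                            gateway_ip="192.0.2.1"):
        print(*f)
```

A MAC that legitimately serves several IPs (proxy ARP, secondary addresses) also trips the second check, so such hosts need an allow-list before this is used for alerting.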