14 Jun
2006
14 Jun
'06
11:49 a.m.
* Christopher L. Morrow:
On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote:
http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-...
* Monitor your local network for interfaces transmitting ARP responses they shouldn't be.
how about just mac security on switch ports? limit the number of mac's at each port to 1 or some number 'valid' ?
The attack is not visible at layer 2, so this won't help. You need static ARP tables on relevant hosts, but even that is only a stopgag measure. Better invest into one (virtual) router port per customer host. 8-/