Detect ARP poisoning(ARP spoofing) & ARP flooding

Discussion in 'Windows 7 Networking' started by DevidHuang, Feb 18, 2009.

  1. DevidHuang

    DevidHuang Honorable Member

    Joined:
    Feb 18, 2009
    Messages:
    5
    Likes Received:
    0
    Address Resolution Protocol (ARP), because of its simpleness, fastness, and effectiveness, is becoming increasingly popular among internet raggers, thus causing severe influence to the internet environment. ARP spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network which may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether (known as a denial of service attack). The attack can obviously only happen on networks that indeed make use of ARP and not another method. First, let me introduce you the tools I use are Ax3soft Sax2, there are many such tools, such as Sniffer, Snort, Ethereal, etc, I do not think that the Sax2 is the best tool, I just think that Sax2 is easy-to-use, it can quickly and accurately locate ARP source when ARP attack happens to the network, so as to ensure normal and reliable network operation.Solution:First, launch sax2 and switch to the Diagnosis View.Diagnosis View is the most direct and effective place to locate ARP attack and should be our first choice. Its interface is displayed as picture1. [​IMG] (picture1)Picture 1 definitely points out that there are two kinds of ARP attack event, ARP Scan and ARP MAC address changed, in the network, and the attack source is clearly given at the bottom. Meanwhile, Sax2 NIDS will provide reasons of such ARP attacks and corresponding solutions.
     
  2. Microsoft Addict

    Microsoft Addict New Member

    Joined:
    Mar 5, 2009
    Messages:
    36
    Likes Received:
    0
    Nicce

    Oh how cool is that and it just came to me in the right time,i highly suspect that my pc is being spoofed and i dont understand a lot bout networking but im just a curious dude who keeps getting updated with the latest security issues news so i can prevent myselft from being harmed...
    so the thing is ,every time i connect to any web site or msn it adds up to my arp stack a bunch of addresses,which was not usual when i used to deal with LAN connections ,but currently im using a 3G internet and to be more specific the wireless USB stick one...my modem is HUAWEI E156 and i got the other which is HUAWEI E226 so ive been preventing Synattack with those reg tweaks but lately my internet is too slow 10kbs tax rate so it sucks so much...and also im getting lots of Echo requests so i really need to get rid of those CAN anyone help me out? and i also would like to know if this software prevents arp stack from being spoofed?
    will be looking forward for the reply and thx in advance!!
    RR
     
  3. Microsoft Addict

    Microsoft Addict New Member

    Joined:
    Mar 5, 2009
    Messages:
    36
    Likes Received:
    0
    sniff-em and Sas3 no success on installing those....i might try the other ones and see if theyr 7 compatible...
    Cheers
    RR
     

Share This Page

Loading...