Comments on: Web Page Code Injection via ARP Spoofing http://blogs.mcafee.com/mcafee-labs/web-page-code-injection-via-arp-spoofing Sat, 12 May 2012 04:55:36 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: David http://blogs.mcafee.com/mcafee-labs/web-page-code-injection-via-arp-spoofing/comment-page-1#comment-12119 David Fri, 05 Oct 2007 18:31:59 +0000 http://blogs.mcafee.com/2007/09/18/web-page-code-injection-via-arp-spoofing/#comment-12119 While you can prevent ARP spoofing by the use of static, non-changing ARP entries (each entry maps a MAC address to corresponding IP address), this is not practical on a large network, due to the large overhead of keeping ARP tables up to date. Therefore another method, such as DHCP Snooping, can be utilised on larger networks. Via DHCP, the network device keeps a record of the MAC addresses that are connected to each port, so it can readily detect if a spoofed ARP has been received. This method is implemented on networking equipment by vendors such as Cisco, Extreme Networks and Allied Telesis. - Source : http://en.wikipedia.org/wiki/ARP_spoofing While you can prevent ARP spoofing by the use of static, non-changing ARP entries (each entry maps a MAC address to corresponding IP address), this is not practical on a large network, due to the large overhead of keeping ARP tables up to date. Therefore another method, such as DHCP Snooping, can be utilised on larger networks. Via DHCP, the network device keeps a record of the MAC addresses that are connected to each port, so it can readily detect if a spoofed ARP has been received. This method is implemented on networking equipment by vendors such as Cisco, Extreme Networks and Allied Telesis. – Source : http://en.wikipedia.org/wiki/ARP_spoofing

]]> By: Patrick Nolan http://blogs.mcafee.com/mcafee-labs/web-page-code-injection-via-arp-spoofing/comment-page-1#comment-12118 Patrick Nolan Tue, 18 Sep 2007 19:32:14 +0000 http://blogs.mcafee.com/2007/09/18/web-page-code-injection-via-arp-spoofing/#comment-12118 Hmmm, Please publish the names/links of the malware analysis that McAfee has published that detail the use of ARP the way you describe. This should be a big news item, but you've published no details for IDS signature development etc. Nice work though! Regards, Pat Hmmm, Please publish the names/links of the malware analysis that McAfee has published that detail the use of ARP the way you describe. This should be a big news item, but you’ve published no details for IDS signature development etc.

Nice work though!

Regards,

Pat

]]>