How to block, ARP Spoofing



  • Hello everyone.
    I need your help, how can I block ARP spoofing attack, I think that is whit sensor settings options–-Router parameters, but I don’t know how to use them. or if there are another options, Can anyone help me??

    Thanks in advance…



  • @dencio24:

    Hi All, just like to inquire ifanyone on you have encountered my problem in netscreen ssg 140. During our investigation we found out that our vpn/fw (netscreen) is sending arp spoof on our network thus, one of our servers becomes intermittent. I tried using ettercap and I’ve seen that the source of arp spoof (attack) is the interface of my netscreen,

    Sounds like you might have a conflicting MIP or VIP.  Aside from assigned IP addresses Netscreen only responds to ARP requests of configured MIP’s or VIP’s.  What are the IP addresses in question?



  • i just figured it out…

    i created service object - custom then defined the ports that were being used where i wanted it to be blocked.

    i created a policy say…from mail server as destination service is the port that i created then action - drop connection



  • also…what about port blocking….



  • Hi All, just like to inquire ifanyone on you have encountered my problem in netscreen ssg 140. During our investigation we found out that our vpn/fw (netscreen) is sending arp spoof on our network thus, one of our servers becomes intermittent. I tried using ettercap and I’ve seen that the source of arp spoof (attack) is the interface of my netscreen,

    I tried using static arp facing to our server but still problem exists, I clear the arp then restarted the device but it didn’t resolve the problem.

    Can anyone please provide me better idea on how to resolve this wierd problem I’d encountered?

    Thanks,


 

28
Online

38.4k
Users

12.7k
Topics

44.5k
Posts