 
 From:  "Mohammed Ismail" <m dash ismail at link dot net>
 To:  "m0n0" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: FW: [m0n0wall] malware HackTool.win32.ArpAttacker.3020
 Date:  Thu, 8 May 2008 02:28:53 +0300
Thanks everybody for the great help; it is my problem then to find managed switches.
Although it is not cost efficient, buying managed switches for all networks.
I thought I might solve it by software.
But as it clearly says, "I am here in layer 2, come and get me", then switches it will be.
By the way, it is my ex-job, in Sharm El Sheikh,
and yes, Sharm is where the weather is great all around the year.
I am currently in Alexandria.
My last question will be: is it possible to prevent PCs connected to a Cisco switch from spoofing with ARP?
Or shall I disconnect or turn off ports on the switch of infected clients?
Thanks a lot, you have all been great helpers.
Best Regards.
 
Mohammed A. Ismail


I think the VPN solution is not an option for you and won't stop attacks
like yours. As I understand it, the VPN solution is related to ARP relay
attacks, and doesn't help with ARP poisoning. It's really on the Layer 2 side and
has to be managed on the switch. And even on the switch, ARP attacks are difficult
to control. Closing down security on a switch port brings all kinds of troubles
and nuisances.
On the other hand, Layer2 attacks like this are not that common and maybe
won't happen again :). You could just fix it now and hope it doesn't
reappear.

Just my opinion with the data I have on this matter.

BTW: Is this the Sharm El Sheikh in Egypt, where surfers from all over the
world come for holidays?

Regards, Bostjan

-----Original Message-----
From: Mohammed Ismail [mailto:m dash ismail at link dot net]
Sent: 2008-05-07 08:46
To: m0n0
Subject: RE: FW: [m0n0wall] malware HackTool.win32.ArpAttacker.3020

As I can see,
I can use managed switches capable of filtering MAC, like Cisco,
I can use VPN, dialup at each client, server at m0n0wall,
I can cure and secure clients to prevent such attacks,
and find bad clients and rip off their Ethernet cables.

I really can play with software; hardware will be much for me.
Now a little question pops up:
if I use VPN, can I still have users passing through captive portal after
logging on the VPN?
And if so, do I need a 3rd interface on my m0n0wall?

Best regards.