 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)
 Date:  Thu, 30 Apr 2009 20:18:21 -0500
Mohammed Ismail wrote:

> Well 
> I thought that in the beginning and I thought I must control layer2 traffic.
> Notice that some other systems do prevent arp spoofing
> Now with secondary ip in m0n0wall we can do this
 > ...

I think you miss the point.  With arp poisoning, I can see all traffic 
on a given switch, and I do not even need an IP address.  ARP is at 
Layer 2.  IP does not come in until Layer 3.

The fix is switches that limit arp floods.  Of course, then you go to 
the AP, and most of them cannot limit arp, so your netcut guy on 
wireless still can see everything in that AP.