Arpwatch

PcTek9

Arpwatch is a Linux daemon that can run in the background and analyze Address Resolution Protocol requests. It notices IP pairings to MAC addresses. When an IP/MAC pair changes it can notify an admin via sendmail. This helps to alert a network admin in case of ARP spoofing by a hacker. Arpwatch can also notify of NEW MAC addresses on the network and notifies the admin as well.
ArpON should also be checked out by Linux admins; it can alert admins to various types of ARP spoofing, man-in-the-middle attacks, ARP cache poisoning, and ARP route poisoning, making the ARP protocol secure.
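Added example, not part of the original post and not Arpwatch's own code: a minimal Python sketch of the IP/MAC pairing check described above, parsing Ethernet/IPv4 ARP payloads and reporting new and changed pairs. The names `parse_arp`, `PairingTable` and `make_arp`, the event labels, and the sample traffic are all constructed for illustration.

```python
import socket
import struct

def parse_arp(payload):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    return mac, socket.inet_ntoa(payload[14:18])

class PairingTable:
    """Remembers the last MAC seen for each IP and reports new or changed pairs."""
    def __init__(self):
        self.pairs = {}  # ip -> mac

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return None
        mac, ip = parsed
        if ip == "0.0.0.0":
            return None  # ARP probe: sender claims no address yet
        old = self.pairs.get(ip)
        self.pairs[ip] = mac
        if old is None:
            return ("new", ip, mac, None)
        if old != mac:
            return ("changed", ip, mac, old)
        return None

def make_arp(op, mac, ip):
    """Build a constructed ARP payload (target fields zeroed) for the demo."""
    hw = bytes.fromhex(mac.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + hw + socket.inet_aton(ip)
            + bytes(6) + bytes(4))

def demo():
    # Constructed traffic: op 1 = request, op 2 = reply.
    traffic = [
        make_arp(2, "02:00:00:00:00:01", "192.0.2.1"),
        make_arp(1, "02:00:00:00:00:0a", "192.0.2.10"),
        make_arp(2, "02:00:00:00:00:01", "192.0.2.1"),  # unchanged, no event
        make_arp(2, "02:00:00:00:00:66", "192.0.2.1"),  # same IP, different MAC
    ]
    table = PairingTable()
    return [e for e in map(table.observe, traffic) if e]

if __name__ == "__main__":
    for event in demo():
        print(event)
```

A legitimate NIC replacement or DHCP reassignment produces the same "changed" event as spoofing, so each one still needs checking against known hardware changes.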
 
I was listening to a vendor interview recently with someone from a company that basically trains neural networks to look at normal network traffic and highlight abnormal behavior. Sounds fascinating, though much more oriented (and priced) for enterprises.

Edit: this sounds like a complete non sequitur, but it is an extension of watching for ARP changes and oddness.
 