Re: [cobalt-users] Raq3 admin & root passwords

[jk@xxxxxxxxxxxx (Jens Kristian Søgaard)]

Chris Adams <cmadams@xxxxxxxxxx> writes:

> > > Every time there is an ARP request for your IP address, I could answer
> > > (and there are ways to make sure that _my_ answer is heard instead of

> > But there are also ways (on more advanced switches) to make sure, that
> > your answer is _not_ heard.

> I guess I haven't run across an ethernet switch that looks at layer 3
> stuff like ARP.  The only way I know to combat ARP spoofing is to hard
> code ARP tables on routers, but that is a major pain.

Hmm, maybe I'm mixing some things together. I'm not sure if the
devices I was talking about are some kind of mix between a router and
a switch (or an intelligent switch).

But sure ARP runs on a higher layer than switches normally look
at. But heck, the 7-layer OSI-model are more and more often "broken"
(excuse my bad English... I'm Danish).

I'm not responsible for the more weighty ends of our network solutions
(we have other guys that know much more about this than me). It's not
really the area of my interest. But I do know that they have talked
about combatting ARP spoofing, and shown me one of the damn beats that
does this.

Maybe they just wrote up a small system to setup the ARP tables on the
router (or whatever device is was) to match our internal database of
MAC<->IP combinations. Maybe I should ask them :-)
 

-- 
Jens Kristian Søgaard,
jk@xxxxxxxxxxxx -- http://www.jksoegaard.dk/
Søger du noget? -- http://www.google.com/
echo|perl -ple'$_+=4E-6*!int rand()**2+rand()**2while$i++-1E6'