2 Sep
1999
2 Sep
'99
9:28 a.m.
[ Quoting Leigh Porter <leigh@insnet.net> ]:
As a side note, does anybody use anything to prevent address spoofing in their network? That would at prevent a lot of attacks completly and make tracing the rest much easier.
We're in a switched network so Spoofing is only possible by ARP-Hijackiking. To prevent such attacks I've coupled Arpwatch, Hunt and some selfmade tools to inject NULL-Routes against any source of more than 30 Flip-Flops in a given time. Until now I only had one false positive and three false negatives. jonas