my network is getting slower and goes down repeatedly. i use dhcp server in the network. how could i protect the network from this kind of attack? what tools can i use? router/switches? thanks .
2007-09-19 20:23:50 · 1 answers · asked by Anonymous in Computers & Internet ➔ Computer Networking
I setup MAC Access Control List but it didn't helped. Few logs from my Netgear FVS338:
2007 Sep 20 15:20:00 [MyFirewallRouter] [kernel] LOG_PACKET IN=SELF OUT=LAN SRC=192.168.0.253 DST=192.168.0.49 PROTO=TCP SPT=80 DPT=15786
- Last output repeated 25 times -
2007 Sep 20 16:17:40 [MyFirewallRouter] [kernel] SRC_MAC_MATCH[ACCEPT] SRC MAC = 00:0a:eb:75:23:92 IN=LAN OUT=WAN SRC=192.168.0.56 DST=218.106.248.80 PROTO=TCP SPT=4183 DPT=110
- Last output repeated twice -
2007 Sep 20 16:17:40 [MyFirewallRouter] [kernel] SRC_MAC_MATCH[ACCEPT] SRC MAC = 00:0a:eb:75:23:92 IN=LAN OUT=WAN SRC=192.168.0.56 DST=217.10.138.228 PROTO=TCP SPT=4185 DPT=110
- Last output repeated twice -
2007 Sep 20 16:17:59 [MyFirewallRouter] [kernel] LOG_PACKET IN=SELF OUT=LAN SRC=192.168.0.253 DST=192.168.0.49 PROTO=TCP SPT=80 DPT=16525
- Last output repeated 18 times -
2007-09-19 21:27:02 · update #1
192.168.0.253 is my Router Firewall's IP Address.
2007-09-19 21:28:36 · update #2
This type of attack is strictly an internal one. Your best defense against it is knowing who your users are. After that, periodic scans for unauthorized equipment, especially rogue wireless access points and promiscuous mode NICs, is the order of the day.
The most common cause of a suspected ARP poisoning attack isn't ARP poisoning at all but a rogue wireless access point or router with DHCP enabled running on your network. Most of them are installed by clueless newbies using the default settings. The DHCP server is handing out addresses on the wrong subnet for your network and once a DHCP client gets an IP address on the wrong subnet, it's toast.
2007-09-19 21:11:03 · answer #1 · answered by Bostonian In MO 7 · 1⤊ 0⤋