Security e-Series

Re: ARP Poisoning Attack

 
Thierry1
Visitor

ARP Poisoning Attack

Hello all,

As you know, an ARP poisoning attack is the process of linking an attacker's MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent to the host IP address is instead transmitted to the attacker.

I need to protect a network against ARP poisoning attacks. All the servers are using fixed IP addresses (so no DHCP).

Do you have some experience with this, and how do you proceed to protect your network?

An easy solution is to implement static ARP entries, but I'm looking for another solution if you have one.

Thank you.

 

3 REPLIES
Vince-Whirlwind
Honored Contributor

Re: ARP Poisoning Attack

Really, if you are in a situation where devices on a broadcast segment are untrusted, you should segregate them using port isolation.

Thierry1
Visitor

Re: ARP Poisoning Attack

It's not really untrusted devices, but we are in a PCI context and we need to run vulnerability scans. ARP poisoning is part of the scan and we need to protect our environment against this attack.

parnassus
Honored Contributor

Re: ARP Poisoning Attack

Not sure if the information about the Dynamic ARP Protection feature applies entirely - I mean: now, years after the linked article - also to the actual Aruba 2920, but this article would be interesting enough to start with (and so... looking for a similar feature on the Aruba 2920 could be the very first thing to do): in the HPE ArubaOS-Switch Access Security Guide for WB.16.03 there is a clear reference [*] to Dynamic ARP Protection (page 384), part of Chapter 17, "Configuring Advanced Threat Protection" (among others, DHCP Snooping, Dynamic IP Lockdown and Instrumentation Monitor are also discussed topics).

[*] I'm quite sure I saw the same feature described in earlier WB.15.18 documentation too.


I'm not an HPE Employee
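
The thread above ends on Dynamic ARP Protection for a network of fixed-IP servers. As an added example (not part of the thread and not HPE's implementation), the sketch below models the general check such a feature performs: ARP packets arriving on untrusted ports are validated against a static IP-to-MAC-to-port binding table. The addresses, port names and function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed static bindings for fixed-IP servers: IP -> (MAC, access port)
BINDINGS = {
    "10.0.0.10": ("00:11:22:33:44:10", "A1"),
    "10.0.0.11": ("00:11:22:33:44:11", "A2"),
}
TRUSTED_PORTS = {"A24"}  # assumed uplink; ARP arriving here is not checked

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a constructed Ethernet/IPv4 ARP payload for use as sample input."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                       mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)

def parse_arp(payload):
    """Parse the 28-byte Ethernet/IPv4 ARP payload defined in RFC 826."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, mac_str(sha), str(ipaddress.IPv4Address(spa))

def inspect(port, eth_src, payload):
    """Return (verdict, reason) for one ARP packet seen on a switch port."""
    if port in TRUSTED_PORTS:
        return ("forward", "trusted port")
    try:
        _oper, sha, spa = parse_arp(payload)
    except ValueError as exc:
        return ("drop", str(exc))
    if sha != eth_src.lower():
        return ("drop", "ARP sender MAC differs from Ethernet source MAC")
    if spa not in BINDINGS:
        return ("drop", "no binding for sender IP")
    if BINDINGS[spa] != (sha, port):
        return ("drop", "sender IP bound to a different MAC or port")
    return ("forward", "matches binding")
```

With fixed addressing and no DHCP, the binding table has to be maintained by hand, which is the same operational cost as static ARP entries but kept in one place on the switch rather than on every host.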