nntp2http.com
Posting
Suche
Optionen
Hilfe & Kontakt

test 21706

Von: Devid (2460762@qq.com) [Profil]
Datum: 06.03.2009 04:38
Message-ID: <goq5s1$ccb$1@news.cn99.com>
Newsgroup: alt.comp
--boundarySiFn
Content-Type: text/plain;  	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



g*EkPq(F_#PxMugiqarYKfZca
--boundarySiFn
Content-Type: text/html;  	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD>
<BODY contentEditable=true>
<P>&nbsp;Address Resolution Protocol (ARP), because of its simpleness, fast
ness, and effectiveness, is becoming increasingly popular among internet ra
ggers, thus causing severe influence to the internet environment. <BR>ARP s
poofing, also known as ARP poisoning or ARP Poison Routing (APR), is a tech
nique used to attack an Ethernet wired or wireless network which may allow
an attacker to sniff data frames on a local area network (LAN), modify the
traffic, or stop the traffic altogether (known as a denial of service attac
k). The attack can obviously only happen on networks that indeed make use o
f ARP and not another method. </P>
<P>First, let me introduce you the tools I use are Ax3soft Sax2, there are
many such tools, such as Sniffer, Snort, Ethereal, etc, I do not think that
the Sax2 is the best tool, I just think that Sax2 is easy-to-use, it can q
uickly and accurately locate ARP source when ARP attack happens to the netw
ork, so as to ensure normal and reliable network operation.</P>
<P>Solution:<BR>First, launch sax2 and switch to the Diagnosis
View.<BR>Dia
gnosis View is the most direct and effective place to locate ARP attack and
should be our first choice. Its interface is displayed as picture1.</P>
<P>&nbsp; [img]http://www.ids-sax2.com/articles/images/QuickLocateARPAttack
Source.gif[/img]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&
;nbsp;&nbsp;&nbsp
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp
;&nbsp;&nbsp;&nbsp;&n
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n
bsp;&nbsp;&nbsp;&nbsp
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp
;&nbsp;&nbsp;&nbsp;&n
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
(picture1)</P>
<P>Picture 1 definitely points out that there are two kinds of ARP attack e
vent, ARP Scan and ARP MAC address changed, in the network, and the attack
source is clearly given at the bottom. Meanwhile, Sax2 NIDS will provide re
asons of such ARP attacks and corresponding
solutions.</P></BODY></HTML><br
><br>edhzbJ=.fJrB)?__rIpxqJ<oG
--boundarySiFn--


[ Auf dieses Posting antworten ]