From mboxrd@z Thu Jan 1 00:00:00 1970
From: Thornton Prime
Subject: Re: arp poisoning?
Date: Thu, 10 Feb 2005 06:58:35 -0800
Message-ID: <2d7eccf505021006582451eebd@mail.gmail.com>
References: <200502101319.51807.fluca1978@infinito.it>
Reply-To: thornton@yoyoweb.com
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
In-Reply-To: <200502101319.51807.fluca1978@infinito.it>
Sender: linux-admin-owner@vger.kernel.org
List-Id:
Content-Type: text/plain; charset="us-ascii"
To: Luca Ferrari
Cc: linux-admin@vger.kernel.org

On Thu, 10 Feb 2005 13:19:51 +0100, Luca Ferrari wrote:
> in my internal network someone is using a kind of arp poisoning, since two (or
> more) computers results _sometimes_ associated to the same MAC address. Since
> I've got a linux firewall-proxy (iptables and squid) that limits the traffic
> depending on the mac address, this is a problem for me. Is there a solution
> to solve the problem?

Someone else mentioned ip-sentinel. Arpwatch is also a useful tool.

If this is on your internal network, you are best off tracing down
which devices are conflicting and figuring out if this is intentional
or some sort of bug. Someone capable of arp poisoning on your internal
network might have done a lot more than suck bandwidth -- they can
launch a number of man-in-the-middle attacks.

thornton
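
As an added example (not part of the original message), one way to start tracing which devices are conflicting is to group the firewall's own ARP cache by MAC address and list every MAC that currently answers for more than one IP. The function names and the sample table are constructed for illustration; the column layout is that of Linux's `/proc/net/arp`.

```python
from collections import defaultdict

# Constructed sample in the /proc/net/arp layout (all addresses are made up).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:16:3e:00:00:01     *        eth1
192.168.1.20     0x1         0x2         00:16:3e:aa:bb:cc     *        eth1
192.168.1.37     0x1         0x2         00:16:3E:AA:BB:CC     *        eth1
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        eth1
192.168.1.61     0x1         0x2         00:16:3e:00:00:61     *        eth1
"""

ATF_COM = 0x02  # kernel flag: entry is complete (an ARP reply was received)


def shared_macs(arp_text):
    """Return {(device, mac): sorted IPs} for each MAC mapped to more than one IP."""
    ips_by_mac = defaultdict(set)
    for line in arp_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue                            # ignore malformed or blank lines
        ip, _hw_type, flags, mac, _mask, device = fields
        if not int(flags, 16) & ATF_COM:
            continue                            # unresolved entry, MAC is all zeros
        # Normalise case so AA:BB and aa:bb count as the same address.
        ips_by_mac[(device, mac.lower())].add(ip)
    return {key: sorted(ips) for key, ips in ips_by_mac.items() if len(ips) > 1}


def read_live_table(path="/proc/net/arp"):
    """Read the running kernel's ARP cache (Linux only)."""
    with open(path) as handle:
        return handle.read()


if __name__ == "__main__":
    # Swap SAMPLE_ARP_TABLE for read_live_table() on the firewall itself.
    for (device, mac), ips in shared_macs(SAMPLE_ARP_TABLE).items():
        print(f"{device}: {mac} answers for {', '.join(ips)}")
```

A hit is a starting point rather than proof of poisoning: a router or a proxy-ARP host legitimately answers for several IPs, so compare the flagged MAC against known gateways before chasing it down.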