Re: ARP Poisioning protection for Windows users

Also what you can do is to set a static arp entry for your gateway mac address. It's not 100% secure, but will do lots of the job. See :\>arp -h

If somebody tried to arpspoof the gateway, your machine will still send its traffic to that gateway; however, if he flooded your machine, am not sure win will be able to cope with this attack.

./Ghaith

Today is the tomorrow you worried about yesterday

-----Original Message-----

From: Hiroaki Kondo [mailto:hackman@venus.dti.ne.jp] Sent: Wednesday, July 23, 2003 7:27 AM
To: security-basics@securityfocus.com
Subject: Re: ARP Poisioning protection for Windows users

In-Reply-To: <002801c3469b$32e85cf0$d70c420a@bigkid>

Hi

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://packetstorm.trustica.cz/Win2k/irs15.exe

Aren't you trying this one?

I Hope this is good at your purpose.

Hiroaki Kondo

Crosshead K.K. In Japan

Product Description:

IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out

which network restrictions have been set for a particular service on a

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries

totally spoofed TCP connections to the selected port of the target.

Changes: Better temp file use to minimize false positives, bug fixes, and

code cleanups. Homepage: http://www.oxid.it. By Mao