On Tuesday 19 March 2002 11:05 am, you wrote:
1) All connections to my server can be redirected through an attacking system by using ARP-poisoning techniques
Yes. And ARP poisoning isn't your only worry. They could DoS your system, then steal your MAC address, too. ARP poison countermeasures won't help against that; only proper authentication of communicating parties will.
2) I can try to notice if something happens to the ARP-table but I can not prevent things from happening without having a secure switch at Puretec ;-)
And remember that switches aren't security enforcement devices and shouldn't be expected to be.
The 3Com switches that we have (SuperStack II) certainly have some active security measures. Enabling "Port Security" on a port makes the switch remember the first MAC address it receives and locks that MAC address to that port until overridden by manual intervention, although unfortunately they cannot perform any kind of ARP poison countermeasures.

Andy

--
Andy Spiers - internet developer, consultant and sysadmin
email: andy@spiers.co.uk - mobile: +34 686 050 318
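An added example, not part of the original message: one way to "notice if something happens to the ARP-table" on a Linux host is to compare two snapshots in /proc/net/arp format. The addresses, sample tables and function names below are constructed for illustration.

```python
import re

# Constructed sample snapshots in /proc/net/arp layout (not from the thread).
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:11:22:33:44:55     *        eth0
192.0.2.20       0x1         0x2         00:aa:bb:cc:dd:01     *        eth0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:aa:bb:cc:dd:66     *        eth0
192.0.2.20       0x1         0x2         00:aa:bb:cc:dd:01     *        eth0
192.0.2.30       0x1         0x2         00:AA:BB:CC:DD:66     *        eth0
192.0.2.40       0x1         0x0         00:00:00:00:00:00     *        eth0
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def parse_arp(text):
    """Return {ip: mac} for completed entries in /proc/net/arp-style text."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        # Flag bit 0x2 (ATF_COM) marks a completed entry; skip incomplete ones.
        if flags & 0x2 and MAC_RE.match(mac):
            table[ip] = mac
    return table

def arp_alerts(before, after):
    """List suspicious differences between two {ip: mac} snapshots."""
    alerts = []
    for ip, mac in sorted(after.items()):
        if ip in before and before[ip] != mac:  # known IP now maps elsewhere
            alerts.append(("mac_changed", ip, before[ip], mac))
    owners = {}
    for ip, mac in after.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:                        # one MAC answering for several IPs
            alerts.append(("mac_shared", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in arp_alerts(parse_arp(BEFORE), parse_arp(AFTER)):
        print(alert)
```

As the reply above points out, a host that takes over the server's real MAC address leaves the IP-to-MAC mapping unchanged, so a check like this stays silent in that case.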