Re: checking the not allowed changing of IP's
Hi!
> Some network cards won't allow this, and afaik no winblows product will.
>
> A switch with static arp tables is a more drastic solution if you really
> need this kind of spoofed IP protection. That way each machine
> has its own port on the switch, which only allows the MAC address
> for that machine and that machine only on that port.
> You would probably be well advised to set up static ARP tables on the
> firewall as well (just be aware that if you change a network card you
> have to update this :)
> As other have suggested, arpwatch is also a good idea.
Yes, I was thinking about to solve this problem with the use of the
switch.
I don't know SNMP yet. But isn't possible to monitor on the switch when
the MAC-switchport association changes with SNMP?
If this would be possible then the problem would be solved withou beeing
drastic. I mean that the arp table of the switch needs not to be
static...
Thanks,
Tamas
Reply to: