1

I need some help in understanding the technique of Genians/Trustwave NAC regarding ARP poisoning. As seen here Bypassing Trustwave NAC, it looks like a good method, but I don't simply get it. With ARP poisoning, the NAC device should send an ARP reply to any device which isnt on the trusted list. But this reply must be faster than reply of legitimate computer within network. What happens if any computer which is alive, answers faster for that ARP who-has packet? Any good explanation regarding this NAC technique?

RedS
  • 76
  • 5

1 Answers1

0

Both of those NAC products use Gratuitous ARP, not answering to the who-has packets to win the race.

schroeder
  • 123,438
  • 55
  • 284
  • 319
RedS
  • 76
  • 5
  • 2
    It would be helpful if you quoted or referenced where you found your answer. Or, you could delete the question if you feel the answer was too obvious. – schroeder Jan 15 '19 at 23:00