Is there any possible way to implement a defence mechanism in a firewall to be able to prevent ARP spoofing in a DMZ? Our DMZ servers consist of two webservers and a database (which should be available from the internet).
2 Answers
1
Whereas Jari's answer correctly states measures against some MITM attacks, ARP spoofing is a specific MITM attack which is not prevented by enabling DHCP snooping or port-security (which protect against DHCP race and CAM table attacks respectively).
ARP spoofing in particular can be protected against by:
- setting static ARP values
- deploying dynamic ARP inspection (e.g. ARPwatch).
Please also check this Stack Overflow question, which lists different kinds of MITM attacks.
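An added example, not written by either answerer: Python that audits a Linux host's neighbour (ARP) table against pinned IP-to-MAC bindings, in the spirit of the static-ARP and ARP-monitoring measures listed above, and generates the `ip neigh replace ... nud permanent` commands that pin them. The addresses, MACs, the interface name `eth0`, the sample `ip neigh show` output and all function names are constructed assumptions.

```python
"""Audit `ip neigh show` output against pinned IP-to-MAC bindings."""
from collections import defaultdict

# Assumed DMZ inventory (constructed documentation addresses and MACs).
PINNED = {
    "192.0.2.1": "52:54:00:00:00:01",   # gateway / firewall
    "192.0.2.10": "52:54:00:00:00:10",  # web server 1
    "192.0.2.11": "52:54:00:00:00:11",  # web server 2
    "192.0.2.20": "52:54:00:00:00:20",  # database
}
# Constructed sample of `ip neigh show` output, not a real capture.
SAMPLE = """\
192.0.2.1 dev eth0 lladdr 52:54:00:00:00:66 REACHABLE
192.0.2.10 dev eth0 lladdr 52:54:00:00:00:10 PERMANENT
192.0.2.11 dev eth0 lladdr 52:54:00:00:00:11 STALE
192.0.2.20 dev eth0 lladdr 52:54:00:00:00:66 REACHABLE
192.0.2.30 dev eth0 FAILED
"""

def parse_neigh(text):
    """Yield (ip, dev, mac, state); mac is None for unresolved entries."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[1] != "dev":
            continue
        mac = tok[tok.index("lladdr") + 1].lower() if "lladdr" in tok else None
        yield tok[0], tok[2], mac, tok[-1]

def audit(text, pinned=PINNED):
    """Return findings as (kind, ip(s), mac) tuples."""
    findings, claims = [], defaultdict(set)
    for ip, _dev, mac, state in parse_neigh(text):
        if mac is None:
            continue
        claims[mac].add(ip)
        want = pinned.get(ip)
        if want and mac != want.lower():
            findings.append(("mismatch", ip, mac))    # binding differs from inventory
        elif want and state != "PERMANENT":
            findings.append(("not-pinned", ip, mac))  # correct, but still learned dynamically
    for mac, ips in claims.items():
        if len(ips) > 1:  # one MAC answering for several IPs: review, may be legitimate
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return findings

def pin_commands(dev="eth0", pinned=PINNED):
    """Build the commands that install the bindings as static entries."""
    return [f"ip neigh replace {ip} lladdr {mac} dev {dev} nud permanent"
            for ip, mac in sorted(pinned.items())]
```

Static entries installed this way do not survive a reboot unless they are reapplied by the host's network configuration.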
0
ARP spoofing is a layer 2 attack, so harden your network by enabling features like DHCP Snooping and port-security on your switches.
Jari Huttunen