Attacking our pc router at work

Ted Mittelstaedt tedm at
Wed Apr 5 10:10:14 UTC 2006

>-----Original Message-----
>From: owner-freebsd-questions at
>[mailto:owner-freebsd-questions at]On Behalf Of Mark Jayson
>Sent: Wednesday, April 05, 2006 2:04 AM
>To: freebsd-questions at
>Subject: Attacking our pc router at work
> I have one question. What if I change my ip and mac address at 
>the same time to that of our pcrouter's ip and mac... Will this 
>going to kick out that router in our network, causing the rest 
>of the entire lan to be out of service??


>No one's gonna caught 
>me right??

That depends.

>Arpwatch can only watch if an ip address has moved 
>to another mac address but not when both ip and mac has moved 
>to another ip and mac... Do you know any possible solution to this??

Yes, buy good managed switches and install mac-level filters.  People
that run dumb hubs or unmanaged
switches in a large network are effin idiots in my book.

In a small network, like 20 or fewer stations, a savvy admin who
has encountered this trick before (ie: someone who has worked
college networks since there's always a few smart guys in the
fresman dorms who try this every year) can simply start pulling
out patch connections from the main hub or switch until the problem
goes away.

Typically corporate nets don't have these kinds of problems since
not many people want to risk getting fired.


More information about the freebsd-questions mailing list