Page 1 of 1
Prevent arp attack on OS7800
Posted: 08 Nov 2007 21:09
by cshanyee
Hi,
Anybody knows how to prevent arp attack on Alcatel switches?
Any security guidelines that I can refer to?
Please advise.
Thanks
SY
Re: Prevent arp attack on OS7800
Posted: 09 Nov 2007 07:43
by benny
ALU improved the ARP handling on the OS7800 in the AOS 5.1.6.R02. So my advice is to upgrade to the latest 5.1.6.R02 available (currently 5.1.6.386.R02) to minimize the impact of ARP attacks.
Of course it would be better to find the source of this attack and stop it. On the ALU BPWS you can find two documents which describe how to troubleshoot a virus attack (Blaster is like a ARP attack due to the special way of network scanning).
General troubleshooting tip:
-> show health all cpu
With the above command you will be able to find the slot from which the attack comes (simply check the CPU usage).
Another helpful command:
-> debug ip packet (set the options you need) {start | stop}
Hope that helps you a bit..
Regards,
Benny
Re: Prevent arp attack on OS7800
Posted: 13 Nov 2007 01:17
by cshanyee
Hi Benny,
Thanks for the reply. Fyi, our switches are running 5.1.6 R02. May I know which 2 documents you are referring to? Please advise.
This issue was brought up by our auditor when they did pentest on our network.
I'm having trouble finding Alcatel info on the web.
rgds
SY
Re: Prevent arp attack on OS7800
Posted: 14 Nov 2007 08:28
by benny
There is no way to prevent an ARP attack on OS7800. You can only try to detect it and narrow down the source as described above.
The documents I am referring to are:
- Troubleshooting Blaster Worm on XOS and AOS
- Troubleshooting Novarg Worm on XOS and AOS
(Available on the BPWS)
Regards,
Benny