ARP Spoof question
I am reviewing some practice questions and one states there are a number of ARP spoofing attacks on a network. What design element would mitigate the ARP spoofing attacks?
Answer choices are Implicit Deny, VLANs, Flood Guards, and Loop Protection.
Book answer says it's Flood Guards, but from my reading in Darril's book, Get Certified Get Ahead Study Guide, I come up with VLANs.
Who is right? I thought the Flood Guards were mainly for DoS SYN flood attacks. Darril specifically mentions using VLAN segregation to help prevent scope of ARP poisoning attacks in his book on page 303.
Help, please.
Comments
-
SecurityThroughObscurity Member Posts: 212
You can still perform the attack within a particular VLAN.
In order to completely eradicate ARP spoofing attacks you would need to put every host in a separate VLAN.
Flood guards can limit an attacker's ARP responses with a spoofed MAC, but it's not a perfect solution either.
-
longbits Member Posts: 10
Thanks for the input. Although both seem to mitigate the ARP attack, I am still not quite sure which "mitigates" better.
-
longbits Member Posts: 10
Being a newbie to this testing process and having to take these tests where the questions seem poorly or vaguely written is a little frustrating. Although I have done my job for over 10 yrs, this test will determine if I keep it, which I feel sure I will pass. I hope the questions are more straightforward, with enough detail to allow the correct choice to make some logical sense based on reality and not someone's opinion.
I purchased Darril Gibson's book, read it once and reviewed it 3x. I have taken all the book tests and only miss a couple of questions, usually due to my hurried answers and not reading the question well. I memorized the ports the book suggested and reviewed the performance examples in his blogs. I also use Wikipedia to explain other items when I cannot find them in the book. Not enough time to watch lengthy videos. I think I am ready and will shoot for a Monday test.
-
f0rgiv3n Member Posts: 598
I'm going to take a different position here and say that none of those answers are correct. "Flood guards", as stated above, help mitigate an ARP table flood but not necessarily a single spoofed ARP. I think that the book/quiz is poorly written; hopefully you can find multiple sources for studying.
In case you're curious, what is normally put into place to prevent ARP spoofing is what is called "Dynamic ARP Inspection". Essentially, it piggybacks on an existing DHCP database (DHCP Snooping) on the switch and keeps a database of what MACs belong to what ports. That way, if an ARP request that is being spoofed comes from a different port than usual, it will block that packet.
-
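The check f0rgiv3n describes, modelled as an added example that is not part of the original thread or any switch vendor's code: ARP packets arriving on untrusted ports are compared against a DHCP snooping binding table keyed by VLAN and IP. The class names, MAC and IP addresses, port names and VLAN number are constructed for illustration, and the model is simplified to the sender-IP, sender-MAC and ingress-port checks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:            # one DHCP snooping entry, learned from a lease
    vlan: int
    ip: str
    mac: str
    port: str

@dataclass(frozen=True)
class Arp:                # the fields of an ARP packet the check looks at
    vlan: int
    sender_ip: str
    sender_mac: str
    ingress_port: str

class ArpInspector:       # hypothetical name, simplified inspection logic
    def __init__(self, bindings, trusted_ports=()):
        self.table = {(b.vlan, b.ip): b for b in bindings}
        self.trusted = set(trusted_ports)   # e.g. uplinks, never inspected

    def check(self, pkt):
        """Return (forward?, reason) for one ARP packet."""
        if pkt.ingress_port in self.trusted:
            return True, "trusted port"
        b = self.table.get((pkt.vlan, pkt.sender_ip))
        if b is None:
            return False, "no binding for sender IP"
        if b.mac.lower() != pkt.sender_mac.lower():
            return False, "sender MAC differs from binding"
        if b.port != pkt.ingress_port:
            return False, "binding belongs to another port"
        return True, "matches binding"

# Constructed sample data: two hosts in the same VLAN 10.
BINDINGS = [
    Binding(10, "10.0.10.20", "02:00:00:00:00:0a", "Gi0/1"),
    Binding(10, "10.0.10.30", "02:00:00:00:00:0b", "Gi0/2"),
]
PACKETS = [
    Arp(10, "10.0.10.20", "02:00:00:00:00:0a", "Gi0/1"),   # host A, genuine
    Arp(10, "10.0.10.20", "02:00:00:00:00:0b", "Gi0/2"),   # B claims A's IP
    Arp(10, "10.0.10.20", "02:00:00:00:00:0a", "Gi0/2"),   # B forges A's MAC too
    Arp(10, "10.0.10.1", "02:00:00:00:00:01", "Gi0/24"),   # gateway via uplink
]

def inspect_all():
    dai = ArpInspector(BINDINGS, trusted_ports={"Gi0/24"})
    return [dai.check(p) for p in PACKETS]

if __name__ == "__main__":
    for pkt, (ok, why) in zip(PACKETS, inspect_all()):
        print("FORWARD" if ok else "DROP", pkt.sender_ip, pkt.ingress_port, why)
```

The second and third packets come from a host in the same VLAN as the address being claimed, the case SecurityThroughObscurity points out that VLAN segregation alone does not cover; both are dropped because of the binding check, not the VLAN boundary.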
linuxlover Banned Posts: 228
CompTIA exams contain a lot of these ambiguous questions; it's nothing new with them. The sad thing is you need to pay more attention to understanding the questions rather than understanding the material itself, so when you figure out the process behind that you can pass their exams without much studying. I guess the material is so light that they need to make exams harder by making questions trickier wherever they can. I've also noticed a lot of questions and answers don't really make much sense; sometimes there would be multiple correct answers, sometimes the question would be totally out of the scope of the exam. It's like they outsource the work to some students in third world countries to make these questions.
-
longbits Member Posts: 10
One thing I am learning I need to do is really read the question well. I have a tendency to read them too quickly and pick the first available logical answer. You are right about the material being fairly light. I just need to take my time. It only takes me about 35 mins to answer 100 of the questions in Darril's book and practice questions site.
-
proph21 Member Posts: 34
One thing I am learning I need to do is really read the question well. I have a tendency to read them too quickly and pick the first available logical answer. You are right about the material being fairly light. I just need to take my time. It only takes me about 35 mins to answer 100 of the questions in Darril's book and practice questions site.
Yeah. One thing I am going to do when taking the test is to skim the performance-based questions and if it doesn't require much thought, I will complete them, while marking others for later. Don't want to spend some time on them and feel rushed with the multiple choice, which in my case, would make me more likely to not read questions as carefully.
Also, I found that during practice tests when there are 2-3 answers that "could" be correct, going back through the wording of the question helps discover key words that point to 1 answer being more correct than others.