Arp-req overflow
I'm trying to come up with something that would solve an injection attack.
The kind of arp-request overflows people usually throw at you when they want to surf the net.
I'm thinking I might be able to spot the extreme arp activity and just go ifdown eth1 and switch to eth0 instead, now the script handling that is easy. Monitoring the arp activity on the other hand is something I'd like to get some help with. Wireshark perhaps but how to do I extract the data I want, what would be a forbidden value of arp requests..
Thanks guys
|