there is must be a solution (arp spoofers)

RouterOS General
1

hi all

programs like mac spoofing and others driving all network admins crazy i am sure

normally spoofing are blocked by hotspot when enabling mac login

by default if mac spoofing is active the customer logged out throw http and try to loging using mac

and will fail now it is done


BUT NETCUT
it use bad arp reply

and how to block programs like that !!!

i have tried to use the local lan as reply arp only > no success

tried to block icmp also no success

may be disabling scanners work also not

may be blocking mac discovery will work but HOW

this is the urgent question ideas people

2

This problem making me just crazy as hell from few days. What to do? arp reply only not working also. :frowning:

Help us out.

3

Block forwarding between users on this same network.

4

Dear ayufan,

Can you please explain it briefly, I mean any example.

Thanks

5

use a smart switch with this function, also maybe VLAN?

6

exampels please

i like the idea about blocking forwarding inside lan between users

exampels plz

7

any example for disable forwarding between users ??? I ask for that in another topic before 6 month but no one give me any solution for disabling forwarding between user

8

Dangerous situation can happened from 8v8.biz which use ARP spoofing. For all kinds of network engineer, system admin please read out to block 8v8.biz

http://www.aub5thcse.com/forum/viewtopic.php?t=322

Rafiq…

9

when i realised someone is using my ip:XXXXXXX . then i static the ip from ARP list & made the lan to reply only. But i really shocked :frowning: he is still using this ip. he has changed his mac address to same as mine. maybe by using MAC scanner & changer software. Any one have any idea to save from this Culprit???



Thnxs,
raktim

10

In Ethernet network (wired network using switches) all users are in the same physical layer and using Media Access Control is is hard (almost impossible) to make hierarchy - who is main router and who client. There is no security.
As normis mentioned before way to disable forwarding between Ethernet users is manageable switch.
There is many articles about arp spoofing how to detect and prevent it, like http://www.watchguard.com/infocenter/editorial/135324.asp

11

hi ;
i in this moment add a new rule to the forward chain to check if it will stop netcut program ?

add action=jump chain=forward comment="" disabled=no dst-address-list=local-addr in-interface=bridge1 \
    jump-target=drop out-interface=bridge1 src-address-list=local-addr

i am using bridge1 to connect the users to the internet and i define the local-addr for my lan network ip .
so in this rule i am dropping any thing is initiated from local-addr and coming from bridge1 and going to local-addr through bridge1 .

comments on this rule will be welcomed .
also pppoe solve the case of netcut but i faced problems with the pppoe , where the clients face stop in the service from time to time and they have to disconnect the connection and reconnect again .
with best regards .

12

PPPoE Implementation has solved these kind of issues in our network.

Regards.

Faton

13

fatonk if you can add me in last reply that i wrote…With Respect alternativi

14

to alternativi: fatonkurteshi@yahoo.com

15

Hi again ;
i am currently using the following firewall rules but the counters still zero , i don’t know if they are wrong or no one trying to do bad things to the network .
Normis , please explain how the VLAN solve this case ? .

add action=jump chain=input comment="" disabled=no dst-address-type=local \
    in-interface=bridge1 jump-target=drop src-address=192.168.190.0/24 \
    src-address-list=local-addr src-address-type=broadcast 

add action=jump chain=forward comment="" disabled=no dst-address-type=local \
    in-interface=bridge1 jump-target=drop out-interface=bridge1 \
    src-address=192.168.190.0/24 src-address-list=local-addr \
    src-address-type=broadcast

with best regards .