Community discussions

MikroTik App
 
foffa
newbie
Topic Author
Posts: 32
Joined: Fri Aug 17, 2007 1:23 am

there is must be a solution (arp spoofers)

Tue Mar 04, 2008 1:41 pm

hi all

programs like mac spoofing and others driving all network admins crazy i am sure

normally spoofing are blocked by hotspot when enabling mac login

by default if mac spoofing is active the customer logged out throw http and try to loging using mac

and will fail now it is done


BUT NETCUT
it use bad arp reply

and how to block programs like that ?!!!!???!!!!!

i have tried to use the local lan as reply arp only > no success

tried to block icmp also no success

may be disabling scanners work also not

may be blocking mac discovery will work but HOW

this is the urgent question ideas people
 
User avatar
hulk-bd
Member Candidate
Member Candidate
Posts: 227
Joined: Mon Sep 03, 2007 7:19 pm
Location: Uttara, Dhaka, Bangladesh

Re: there is must be a solution (arp spoofers)

Tue Mar 04, 2008 2:16 pm

This problem making me just crazy as hell from few days. What to do? arp reply only not working also. :(

Help us out.
 
ayufan
Member
Member
Posts: 331
Joined: Sun Jun 03, 2007 9:35 pm
Contact:

Re: there is must be a solution (arp spoofers)

Tue Mar 04, 2008 2:25 pm

Block forwarding between users on this same network.
hAP AC, TP-Link Archer C7 v2, RB951G, RB450G, RPI2, RPI zero
 
User avatar
hulk-bd
Member Candidate
Member Candidate
Posts: 227
Joined: Mon Sep 03, 2007 7:19 pm
Location: Uttara, Dhaka, Bangladesh

Re: there is must be a solution (arp spoofers)

Tue Mar 04, 2008 2:57 pm

Dear ayufan,

Can you please explain it briefly, I mean any example.

Thanks
Don't worry, be happy :) .......
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24609
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: there is must be a solution (arp spoofers)

Tue Mar 04, 2008 3:15 pm

use a smart switch with this function, also maybe VLAN?
No answer to your question? How to write posts
 
foffa
newbie
Topic Author
Posts: 32
Joined: Fri Aug 17, 2007 1:23 am

Re: there is must be a solution (arp spoofers)

Sat Mar 08, 2008 8:01 pm

exampels please

i like the idea about blocking forwarding inside lan between users

exampels plz
 
User avatar
navibaghdad
newbie
Posts: 27
Joined: Mon Oct 09, 2006 5:38 pm

Re: there is must be a solution (arp spoofers)

Sun Mar 09, 2008 3:25 am

any example for disable forwarding between users ??? I ask for that in another topic before 6 month but no one give me any solution for disabling forwarding between user
 
abab_rafiq
Member Candidate
Member Candidate
Posts: 120
Joined: Thu Aug 24, 2006 12:47 pm
Location: Dhaka

Re: there is must be a solution (arp spoofers)

Sun Mar 09, 2008 1:35 pm

Dangerous situation can happened from 8v8.biz which use ARP spoofing. For all kinds of network engineer, system admin please read out to block 8v8.biz

http://www.aub5thcse.com/forum/viewtopic.php?t=322

Rafiq...
 
raktim
Member Candidate
Member Candidate
Posts: 184
Joined: Fri Jun 15, 2007 7:22 am

Re: there is must be a solution (arp spoofers)

Sun Mar 16, 2008 5:41 am

when i realised someone is using my ip:XXXXXXX . then i static the ip from ARP list & made the lan to reply only. But i really shocked :( he is still using this ip. he has changed his mac address to same as mine. maybe by using MAC scanner & changer software. Any one have any idea to save from this Culprit???



Thnxs,
raktim
 
yancho
Member Candidate
Member Candidate
Posts: 205
Joined: Tue Jun 01, 2004 3:04 pm
Location: LV

Re: there is must be a solution (arp spoofers)

Sun Mar 16, 2008 1:37 pm

In Ethernet network (wired network using switches) all users are in the same physical layer and using Media Access Control is is hard (almost impossible) to make hierarchy - who is main router and who client. There is no security.
As normis mentioned before way to disable forwarding between Ethernet users is manageable switch.
There is many articles about arp spoofing how to detect and prevent it, like http://www.watchguard.com/infocenter/ed ... 135324.asp
 
User avatar
ahmedsaffar76
Member
Member
Posts: 307
Joined: Sun Feb 17, 2008 2:56 pm
Location: Iraq

Re: there is must be a solution (arp spoofers)

Mon Apr 14, 2008 8:08 pm

hi ;
i in this moment add a new rule to the forward chain to check if it will stop netcut program ?
add action=jump chain=forward comment="" disabled=no dst-address-list=local-addr in-interface=bridge1 \
    jump-target=drop out-interface=bridge1 src-address-list=local-addr 

i am using bridge1 to connect the users to the internet and i define the local-addr for my lan network ip .
so in this rule i am dropping any thing is initiated from local-addr and coming from bridge1 and going to local-addr through bridge1 .

comments on this rule will be welcomed .
also pppoe solve the case of netcut but i faced problems with the pppoe , where the clients face stop in the service from time to time and they have to disconnect the connection and reconnect again .
with best regards .
 
User avatar
fatonk
Member
Member
Posts: 439
Joined: Tue Feb 22, 2005 11:06 am
Location: Mitrovica/Kosova

Re: there is must be a solution (arp spoofers)

Mon Apr 14, 2008 11:00 pm

PPPoE Implementation has solved these kind of issues in our network.

Regards.

Faton
 
alternativi_boy
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Apr 01, 2008 8:39 pm

Re: there is must be a solution (arp spoofers)

Mon Apr 14, 2008 11:05 pm

fatonk if you can add me in last reply that i wrote...With Respect alternativi
 
User avatar
fatonk
Member
Member
Posts: 439
Joined: Tue Feb 22, 2005 11:06 am
Location: Mitrovica/Kosova

Re: there is must be a solution (arp spoofers)

Mon Apr 14, 2008 11:14 pm

to alternativi: fatonkurteshi@yahoo.com
 
User avatar
ahmedsaffar76
Member
Member
Posts: 307
Joined: Sun Feb 17, 2008 2:56 pm
Location: Iraq

Re: there is must be a solution (arp spoofers)

Tue Apr 15, 2008 1:41 am

Hi again ;
i am currently using the following firewall rules but the counters still zero , i don't know if they are wrong or no one trying to do bad things to the network .
Normis , please explain how the VLAN solve this case ? .
add action=jump chain=input comment="" disabled=no dst-address-type=local \
    in-interface=bridge1 jump-target=drop src-address=192.168.190.0/24 \
    src-address-list=local-addr src-address-type=broadcast 

add action=jump chain=forward comment="" disabled=no dst-address-type=local \
    in-interface=bridge1 jump-target=drop out-interface=bridge1 \
    src-address=192.168.190.0/24 src-address-list=local-addr \
    src-address-type=broadcast 

with best regards .

Who is online

Users browsing this forum: anav, Davis, mbovenka, mirk, paoloangeli, shahjaufar, StephenL, VanceG, wolfenv and 84 guests