there is must be a solution (arp spoofers)

Posted: Tue Mar 04, 2008 1:41 pm
by foffa
hi all

Programs like MAC spoofing and others are driving all network admins crazy, I am sure.

Normally spoofing is blocked by the hotspot when MAC login is enabled.

By default, if MAC spoofing is active, the customer is logged out through HTTP and tries to log in using MAC

and will fail. Now it is done.


BUT NETCUT
It uses bad ARP replies.

And how to block programs like that ?!!!!???!!!!!

I have tried to use the local LAN as ARP reply-only > no success

Tried to block ICMP, also no success

Maybe disabling scanners would work, also not

Maybe blocking MAC discovery will work, but HOW

This is the urgent question. Ideas, people?

Re: there is must be a solution (arp spoofers)

Posted: Tue Mar 04, 2008 2:16 pm
by hulk-bd
This problem has been making me just crazy as hell for a few days. What to do? ARP reply-only is not working either. :(

Help us out.

Re: there is must be a solution (arp spoofers)

Posted: Tue Mar 04, 2008 2:25 pm
by ayufan
Block forwarding between users on the same network.

Re: there is must be a solution (arp spoofers)

Posted: Tue Mar 04, 2008 2:57 pm
by hulk-bd
Dear ayufan,

Can you please explain it briefly, I mean any example.

Thanks

Re: there is must be a solution (arp spoofers)

Posted: Tue Mar 04, 2008 3:15 pm
by normis
Use a smart switch with this function; also maybe VLAN?

Re: there is must be a solution (arp spoofers)

Posted: Sat Mar 08, 2008 8:01 pm
by foffa
Examples please

I like the idea of blocking forwarding inside the LAN between users

Examples plz

Re: there is must be a solution (arp spoofers)

Posted: Sun Mar 09, 2008 3:25 am
by navibaghdad
Any example for disabling forwarding between users??? I asked for that in another topic 6 months ago, but no one gave me any solution for disabling forwarding between users.

Re: there is must be a solution (arp spoofers)

Posted: Sun Mar 09, 2008 1:35 pm
by abab_rafiq
A dangerous situation can arise from 8v8.biz, which uses ARP spoofing. All network engineers and system admins, please read this to block 8v8.biz:

http://www.aub5thcse.com/forum/viewtopic.php?t=322

Rafiq...

Re: there is must be a solution (arp spoofers)

Posted: Sun Mar 16, 2008 5:41 am
by raktim
When I realised someone was using my IP: XXXXXXX, I made the IP static in the ARP list & set the LAN to reply-only. But I was really shocked :( he is still using this IP. He has changed his MAC address to the same as mine, maybe by using MAC scanner & changer software. Does anyone have any idea how to be saved from this culprit???

Thanks,
raktim

Re: there is must be a solution (arp spoofers)

Posted: Sun Mar 16, 2008 1:37 pm
by yancho
In an Ethernet network (a wired network using switches) all users are on the same physical layer, and using Media Access Control it is hard (almost impossible) to make a hierarchy - who is the main router and who is a client. There is no security.
As normis mentioned before, the way to disable forwarding between Ethernet users is a manageable switch.
There are many articles about ARP spoofing and how to detect and prevent it, like http://www.watchguard.com/infocenter/ed ... 135324.asp
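
An added example, not part of any post in this thread and not MikroTik code: a small Python check of observed ARP replies against pinned IP-to-MAC bindings, showing why static ARP catches a forged reply but not a cloned MAC. All addresses and port names are constructed, and the per-port data assumes a managed switch that can report where a MAC was seen.

```python
from collections import defaultdict

# Pinned IP -> MAC bindings, as set with static ARP entries (constructed values;
# 192.168.190.0/24 is the subnet mentioned in this thread).
STATIC = {
    "192.168.190.1": "02:00:00:00:00:01",   # gateway (hypothetical)
    "192.168.190.10": "02:00:00:00:00:10",
    "192.168.190.11": "02:00:00:00:00:11",
}

# Constructed ARP replies as (switch port, sender IP, sender MAC).
OBSERVED = [
    ("ether2", "192.168.190.10", "02:00:00:00:00:10"),  # legitimate
    ("ether3", "192.168.190.1", "02:00:00:00:00:11"),   # forged: claims the gateway IP
    ("ether3", "192.168.190.10", "02:00:00:00:00:11"),  # forged: claims a neighbour's IP
    ("ether4", "192.168.190.10", "02:00:00:00:00:10"),  # cloned MAC on a second port
]


def analyse(observed, static):
    """Return a list of alert tuples for the observed ARP replies."""
    alerts = []
    ips_by_mac = defaultdict(set)
    ports_by_mac = defaultdict(set)
    for port, ip, mac in observed:
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        ports_by_mac[mac].add(port)
        expected = static.get(ip)
        if expected is None:
            alerts.append(("unknown-ip", ip, mac))
        elif expected != mac:
            # What a static ARP table rejects: wrong MAC for a pinned IP.
            alerts.append(("binding-mismatch", ip, mac))
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac-claims-many-ips", mac, tuple(sorted(ips))))
    for mac, ports in sorted(ports_by_mac.items()):
        if len(ports) > 1:
            # A cloned MAC matches its binding; only port data exposes it.
            alerts.append(("mac-on-many-ports", mac, tuple(sorted(ports))))
    return alerts


if __name__ == "__main__":
    for alert in analyse(OBSERVED, STATIC):
        print(alert)
```

The reply on ether4 raises no binding alert, which is the cloned-MAC case described above; it is flagged only because the same MAC appears on two ports.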

Re: there is must be a solution (arp spoofers)

Posted: Mon Apr 14, 2008 8:08 pm
by ahmedsaffar76
Hi;
I have just now added a new rule to the forward chain to check if it will stop the netcut program:
add action=jump chain=forward comment="" disabled=no dst-address-list=local-addr in-interface=bridge1 \
    jump-target=drop out-interface=bridge1 src-address-list=local-addr 

I am using bridge1 to connect the users to the internet, and I defined local-addr for my LAN network IP.
So in this rule I am dropping anything that is initiated from local-addr, coming in from bridge1 and going to local-addr through bridge1.

Comments on this rule will be welcomed.
Also, PPPoE solves the case of netcut, but I faced problems with PPPoE, where the clients' service stops from time to time and they have to disconnect and reconnect again.
With best regards.

Re: there is must be a solution (arp spoofers)

Posted: Mon Apr 14, 2008 11:00 pm
by fatonk
PPPoE implementation has solved these kinds of issues in our network.

Regards.

Faton

Re: there is must be a solution (arp spoofers)

Posted: Mon Apr 14, 2008 11:05 pm
by alternativi_boy
fatonk, if you can, add me in the last reply that I wrote... With respect, alternativi

Re: there is must be a solution (arp spoofers)

Posted: Mon Apr 14, 2008 11:14 pm
by fatonk
to alternativi: fatonkurteshi@yahoo.com

Re: there is must be a solution (arp spoofers)

Posted: Tue Apr 15, 2008 1:41 am
by ahmedsaffar76
Hi again;
I am currently using the following firewall rules, but the counters are still zero. I don't know if they are wrong or if no one is trying to do bad things to the network.
Normis, please explain how VLAN solves this case?
add action=jump chain=input comment="" disabled=no dst-address-type=local \
    in-interface=bridge1 jump-target=drop src-address=192.168.190.0/24 \
    src-address-list=local-addr src-address-type=broadcast 

add action=jump chain=forward comment="" disabled=no dst-address-type=local \
    in-interface=bridge1 jump-target=drop out-interface=bridge1 \
    src-address=192.168.190.0/24 src-address-list=local-addr \
    src-address-type=broadcast 

With best regards.