hi all
programs like mac spoofing and others driving all network admins crazy i am sure
normally spoofing are blocked by hotspot when enabling mac login
by default if mac spoofing is active the customer logged out throw http and try to loging using mac
and will fail now it is done
BUT NETCUT
it use bad arp reply
and how to block programs like that ?!!!!???!!!!!
i have tried to use the local lan as reply arp only > no success
tried to block icmp also no success
may be disabling scanners work also not
may be blocking mac discovery will work but HOW
this is the urgent question ideas people
Re: there is must be a solution (arp spoofers)
This problem making me just crazy as hell from few days. What to do? arp reply only not working also. 
Help us out.
Help us out.
Re: there is must be a solution (arp spoofers)
Block forwarding between users on this same network.
Re: there is must be a solution (arp spoofers)
Dear ayufan,
Can you please explain it briefly, I mean any example.
Thanks
Can you please explain it briefly, I mean any example.
Thanks
Re: there is must be a solution (arp spoofers)
use a smart switch with this function, also maybe VLAN?
Re: there is must be a solution (arp spoofers)
exampels please
i like the idea about blocking forwarding inside lan between users
exampels plz
i like the idea about blocking forwarding inside lan between users
exampels plz
-
-
navibaghdad
newbie
- Posts: 27
- Joined:
Re: there is must be a solution (arp spoofers)
any example for disable forwarding between users ??? I ask for that in another topic before 6 month but no one give me any solution for disabling forwarding between user
-
-
abab_rafiq
Member Candidate
- Posts: 118
- Joined:
- Location: Dhaka
Re: there is must be a solution (arp spoofers)
Dangerous situation can happened from 8v8.biz which use ARP spoofing. For all kinds of network engineer, system admin please read out to block 8v8.biz
http://www.aub5thcse.com/forum/viewtopic.php?t=322
Rafiq...
http://www.aub5thcse.com/forum/viewtopic.php?t=322
Rafiq...
Re: there is must be a solution (arp spoofers)
when i realised someone is using my ip:XXXXXXX . then i static the ip from ARP list & made the lan to reply only. But i really shocked he is still using this ip. he has changed his mac address to same as mine. maybe by using MAC scanner & changer software. Any one have any idea to save from this Culprit???
Thnxs,
raktim
he is still using this ip. he has changed his mac address to same as mine. maybe by using MAC scanner & changer software. Any one have any idea to save from this Culprit???Thnxs,
raktim
Re: there is must be a solution (arp spoofers)
In Ethernet network (wired network using switches) all users are in the same physical layer and using Media Access Control is is hard (almost impossible) to make hierarchy - who is main router and who client. There is no security.
As normis mentioned before way to disable forwarding between Ethernet users is manageable switch.
There is many articles about arp spoofing how to detect and prevent it, like http://www.watchguard.com/infocenter/ed ... 135324.asp
As normis mentioned before way to disable forwarding between Ethernet users is manageable switch.
There is many articles about arp spoofing how to detect and prevent it, like http://www.watchguard.com/infocenter/ed ... 135324.asp
-
-
ahmedsaffar76
Member
- Posts: 306
- Joined:
- Location: Iraq
Re: there is must be a solution (arp spoofers)
hi ;
i in this moment add a new rule to the forward chain to check if it will stop netcut program ?
i am using bridge1 to connect the users to the internet and i define the local-addr for my lan network ip .
so in this rule i am dropping any thing is initiated from local-addr and coming from bridge1 and going to local-addr through bridge1 .
comments on this rule will be welcomed .
also pppoe solve the case of netcut but i faced problems with the pppoe , where the clients face stop in the service from time to time and they have to disconnect the connection and reconnect again .
with best regards .
i in this moment add a new rule to the forward chain to check if it will stop netcut program ?
Code: Select all
add action=jump chain=forward comment="" disabled=no dst-address-list=local-addr in-interface=bridge1 \
jump-target=drop out-interface=bridge1 src-address-list=local-addr
so in this rule i am dropping any thing is initiated from local-addr and coming from bridge1 and going to local-addr through bridge1 .
comments on this rule will be welcomed .
also pppoe solve the case of netcut but i faced problems with the pppoe , where the clients face stop in the service from time to time and they have to disconnect the connection and reconnect again .
with best regards .
Re: there is must be a solution (arp spoofers)
PPPoE Implementation has solved these kind of issues in our network.
Regards.
Faton
Regards.
Faton
-
-
alternativi_boy
Frequent Visitor
- Posts: 53
- Joined:
Re: there is must be a solution (arp spoofers)
fatonk if you can add me in last reply that i wrote...With Respect alternativi
-
-
ahmedsaffar76
Member
- Posts: 306
- Joined:
- Location: Iraq
Re: there is must be a solution (arp spoofers)
Hi again ;
i am currently using the following firewall rules but the counters still zero , i don't know if they are wrong or no one trying to do bad things to the network .
Normis , please explain how the VLAN solve this case ? .
with best regards .
i am currently using the following firewall rules but the counters still zero , i don't know if they are wrong or no one trying to do bad things to the network .
Normis , please explain how the VLAN solve this case ? .
Code: Select all
add action=jump chain=input comment="" disabled=no dst-address-type=local \
in-interface=bridge1 jump-target=drop src-address=192.168.190.0/24 \
src-address-list=local-addr src-address-type=broadcast
add action=jump chain=forward comment="" disabled=no dst-address-type=local \
in-interface=bridge1 jump-target=drop out-interface=bridge1 \
src-address=192.168.190.0/24 src-address-list=local-addr \
src-address-type=broadcast