Re: netcut
- From: "habibielwa7id" <fouad012@xxxxxxxxx>
- Date: 14 Oct 2006 17:49:54 -0700
first of all thank you..
Rudolf Polzer wrote:
»habibielwa7id« <fouad012@xxxxxxxxx> wrote:yes iam sure it's working by ARP poisoning,when i used some sniffers
dear friends:
i think all of you know about the netcut program that some stupid
users use it on windows systems to prevent the other users on the same
lan from login to the internet,and there is asolution to this problem
on windows systems called anti-netcut, anybody knows asolution like
this can work on linux systems ?how can i prevent the users from using
this program to prevent my linux pox from contacting the gateway ?
thanks.
No, I do not know netcut, however:
According to their website, it seems to work by ARP poisoning. The only
working method to counter it are fixed ARP tables.
like tcpdump and ethereal to view what's happening i found it's not
affecting your pc only but also the router it self by many ways like
adding another mac address to the gateway into the pc ARP table so the
machine can't contact the gateway,and it make the same to the router
ARP table so the router can't contact the victim pc.
Now the big problem: this only works if BOTH sides are using fixed ARPno, i have control over the router and yesterday i configured alinux
tables. But you have no control over the ARP table of the router.
router with squid and it's the gateway of the lan now but i think it's
alone will not prevent netcut from poisonning the ARP tables,so i
search for good solutions to help the linux router to prevent this
attack.
This attack is impossible to counter to 100%. But you can direct ARPyes,those programs and it's solutions cos a senseless flooding battle
replies at your gateway that tell it your real MAC address and send them
regularily. When using a switch (as opposed to a hup), you can't know
when the "bad guy" sends his ARP replies that claim that your IP is
owned by some other MAC address, so the one who sends more often has
more success. In the end this will result in a senseless flooding
battle.
as you said.
As an attempt to check for this, try:i think this will help and i will try.
arping -A your.local.ip.address
If this helps, netcut is quite brain-dead and you have a solution.this can be easily done with asmall script and crontab.i think if i
However, I'd rather expect netcut to detect these replies and then
immediately add its own. You could patch arping to direct these replies
at the gateway's MAC address, or find a program which can do that.
disable the automatic ARP resolving on the router and use fixed ARP
enteries this will save the router time and bandwidth and may hinder
the problem ,so i will try and thank you again .
--
Unwichtige Links zum Zeitvertreib:
http://www.thedailywtf.com/
http://www.alientrap.org/nexuiz/
http://www.clientcopia.com/
.
- Follow-Ups:
- Re: netcut
- From: Moe Trin
- Re: netcut
- From: Rudolf Polzer
- Re: netcut
- References:
- netcut
- From: habibielwa7id
- Re: netcut
- From: Rudolf Polzer
- netcut
- Prev by Date: Re: netcut
- Next by Date: Re: Friday night, again - NSA wiretap
- Previous by thread: Re: netcut
- Next by thread: Re: netcut
- Index(es):
Relevant Pages
|
