ARP Spoofing/Poisoning

AcidEYE
Havaldaar
Posts: 115
Joined: Mon Feb 28, 2005 5:41 pm
Location: Lahore (Pakistan)

ARP Spoofing/Poisoning

Post by AcidEYE »

As Salam U Alikum,

I've been facing an ARP spoofing/poisoning problem on my network for 1 week, with MAC address cloning and proxy requests going on on client systems. There are 80 users on the network and 20 out of 80 are sending these attacks, but the main thing is there are 3 girls who don't know how to operate a computer completely; they just read their mail and voice chat with their relatives outside Pakistan. How can they do ARP spoofing?
Or might their systems be infected? But they have already reinstalled their Windows 2 times.

Any solution to get rid of it?


thanks & regards
Linux Addicted
ashariqbal
Havaldaar
Posts: 105
Joined: Mon Jun 24, 2002 10:01 am
Location: Karachi

proof?

Post by ashariqbal »

[1] How do you know that it is those 3 girls' computers that are spoofing?

[2] Reinstall their computers with Linux and tell them that this is the latest release. :-)
AcidEYE
Havaldaar
Posts: 115
Joined: Mon Feb 28, 2005 5:41 pm
Location: Lahore (Pakistan)

Post by AcidEYE »

As Salam U Alikum,

Dear Ashariqbal,

[1] It's an internet cable service, so I know the operators are girls, and not only these 3 girls are attackers; the total number of attacker systems is 20 and these 3 are also among those 20 systems. I was just saying these girls do know how to use computer. They just do mail and voice chat, how can they do spoofing?

[2] They can't even handle Windows XP, how can they use Linux?
Linux Addicted
ashariqbal
Havaldaar
Posts: 105
Joined: Mon Jun 24, 2002 10:01 am
Location: Karachi

Post by ashariqbal »

AcidEYE wrote: [1] It's an internet cable service, so I know the operators are girls, and not only these 3 girls are attackers; the total number of attacker systems is 20 and these 3 are also among those 20 systems. I was just saying these girls do know how to use computer. They just do mail and voice chat, how can they do spoofing?
How did you trace the spoof attack to their computer? Do you know for sure that it was these 3 computers or are you guessing?
Probably someone else is spoofing their MAC.
AcidEYE wrote: [2] They can't even handle Windows XP, how can they use Linux?
What is there to handle? All they have to do is run Firefox and other applications.
My 4 year old son can use Linux. It's easy.
AcidEYE
Havaldaar
Posts: 115
Joined: Mon Feb 28, 2005 5:41 pm
Location: Lahore (Pakistan)

Post by AcidEYE »

As Salam U Alikum,

Dear Ashariqbal,
ashariqbal wrote: How did you trace the spoof attack to their computer? Do you know for sure that it was these 3 computers or are you guessing?
Probably someone else is spoofing their MAC.
I've checked with arp -nv, their MAC addresses are being cloned, and then I checked in the squid access.log file; their IP address is doing something like this:

132498242.5442 4093 10.0.0.41 TCP_MISS/502 5622 OPTION http://10.0.0.5/ NONE- TEXT/

10.0.0.41 is the address of one of the girls' computers, and 10.0.0.5 is another client's address, but the .41 IP hits all the network IPs one by one in squid access.log, like 10.0.0.5 to 10.0.0.80.
But I am still not sure who is doing this spoofing. This is all I've got. Remember, it is not only these 3 girls' computers; there are 20 computers which are doing the same as the girls' computers.
ashariqbal wrote: What is there to handle? All they have to do is run Firefox and other applications.
My 4 year old son can use Linux. It's easy.
Believe me, they won't go for Linux.

thanks & regards
Linux Addicted
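
The check described in the post above, run over a whole access.log instead of by eye (an added example, not part of the original thread): it counts how many distinct LAN addresses each client requested through the proxy and reports the clients that swept a large part of the subnet. The sample lines are constructed in Squid's native log layout, and the `find_sweepers` name, the 10.0.0.0/24 range and the threshold of 20 are assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = "\n".join(
    [f"1324982420.{i:03d} 4093 10.0.0.41 TCP_MISS/502 5622 OPTIONS "
     f"http://10.0.0.{i}/ - DIRECT/10.0.0.{i} text/html" for i in range(5, 81)]
    + ["1324982500.100 210 10.0.0.12 TCP_MISS/200 8120 GET "
       "http://www.example.com/ - DIRECT/192.0.2.10 text/html",
       "1324982501.200 15 10.0.0.12 TCP_MISS/200 512 GET "
       "http://10.0.0.5/ - DIRECT/10.0.0.5 text/html",
       "truncated line"]
)


def find_sweepers(log_text, lan="10.0.0.0/24", threshold=20):
    """Map each client to the number of distinct LAN hosts it requested
    through the proxy, keeping only clients at or above `threshold`."""
    net = ipaddress.ip_network(lan)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or garbled line
        client, url = fields[2], fields[6]
        if "://" not in url:
            url = "//" + url  # CONNECT entries log host:port with no scheme
        try:
            src = ipaddress.ip_address(client)
            dst = ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:
            continue  # destination is a hostname, not a literal IP
        if dst in net and dst != src:
            targets[client].add(dst)
    return {c: len(t) for c, t in targets.items() if len(t) >= threshold}


if __name__ == "__main__":
    for client, count in sorted(find_sweepers(SAMPLE_LOG).items()):
        print(f"{client} requested {count} distinct LAN hosts via the proxy")
```

A client reported here is the machine to inspect first; the log shows which address sent the requests, not which program or person on it generated them.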
shakirz1
Battalion Quarter Master Havaldaar
Posts: 207
Joined: Sat Aug 09, 2003 5:00 pm
Location: Karachi

Post by shakirz1 »

This software will help you find the actual user who is doing this sort of attack, but you will have to install it on an XP machine and monitor your network.

http://download.antiarp.com/tmp/antiarp4.3.1_eng.exe
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

AOA,

Dear AcidEYE,

If the problem is out of control, I suggest going for a HARDWARE FIREWALL solution.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
AcidEYE
Havaldaar
Posts: 115
Joined: Mon Feb 28, 2005 5:41 pm
Location: Lahore (Pakistan)

Post by AcidEYE »

As Salam U Alikum,

Dear Everybody,

Thanks for the cooperation. I've found that no one is actually doing ARP spoofing; what I found is this malware on their systems:


1. googleones.exe
2. woso.exe
3. microsofts.bat
4. tomons.exe


I personally cleaned their systems and found this malware; after that their systems have been working fine till now. I hope the problem was only this malware.

Thanks & Regards
Linux Addicted