As Salam U Alikum,
i've been facing ARP spoofing/posioning problem on my network from 1 week, cloning mac addresses and request of proxy goining on clients systems, there are 80 users on network and 20 out of 80 sending this attacks, but the main thing is there are 3 girls who doesnt know how to operate computer completely they just read thier mails and voice chat with thier reletives out of pakistan. how can they do ARP spoofing?
or might be thier systems are infected? but they already reinstall thier window 2 times.
any solution for get rid of it?
thanks & regards
ARP Spoofing/Poisoning
ARP Spoofing/Poisoning
Linux Addicted
-
- Havaldaar
- Posts: 105
- Joined: Mon Jun 24, 2002 10:01 am
- Location: Karachi
proof?
[1] How do you know that it is those 3 girls computers that are spoofing?
[2] Reinstall their computers with Linux and tell them that this is the latest release.
[2] Reinstall their computers with Linux and tell them that this is the latest release.
As Salam U Alikum,
Dear Ashariqbal,
[1] its a internet cable service, so i know operator are girls, and only these 3 girls are not attackers, totaly number of attacker systems are 20 and these 3 are also in these 20 systems. i was just saying these girls do know how to use computer. they just do mails and voice chat, how can they do spoofing?
[2] they cant even handle windows xp, how can they use linux?
Dear Ashariqbal,
[1] its a internet cable service, so i know operator are girls, and only these 3 girls are not attackers, totaly number of attacker systems are 20 and these 3 are also in these 20 systems. i was just saying these girls do know how to use computer. they just do mails and voice chat, how can they do spoofing?
[2] they cant even handle windows xp, how can they use linux?
Linux Addicted
-
- Havaldaar
- Posts: 105
- Joined: Mon Jun 24, 2002 10:01 am
- Location: Karachi
How did you trace the spoof attack to their computer? Do you know for sure that it was these 3 computers or are you guessing?AcidEYE wrote: [1] its a internet cable service, so i know operator are girls, and only these 3 girls are not attackers, totaly number of attacker systems are 20 and these 3 are also in these 20 systems. i was just saying these girls do know how to use computer. they just do mails and voice chat, how can they do spoofing?
Probably some one else is spoofing their MAC
What is there to handle? All they have to do is run Firefox and other applications.AcidEYE wrote: [2] they cant even handle windows xp, how can they use linux?
My 4 year old son can use Linux. Its easy.
As Salam U Alikum,
Dear Ashariqbal,
132498242.5442 4093 10.0.0.41 TCP_MISS/502 5622 OPTION http://10.0.0.5/ NONE- TEXT/
10.0.0.41 is one of the girl computer address, and 10.0.0.5 is another client address, but 41 ip hit on all network ip one by one in squid access.log like 10.0.0.5 to 10.0.0.80.
but i am still not sure who is doing this spoofing. this is what all i get, remeber there is not only these 3 girls computer, there are 20 computers which is doing same like girls computers.
thanks & regards
Dear Ashariqbal,
i've checked by arp -nv, thier mac addresses cloning, and then i checked in squid access.log file, their ip address is doing something like that:How did you trace the spoof attack to their computer? Do you know for sure that it was these 3 computers or are you guessing?
Probably some one else is spoofing their MAC
132498242.5442 4093 10.0.0.41 TCP_MISS/502 5622 OPTION http://10.0.0.5/ NONE- TEXT/
10.0.0.41 is one of the girl computer address, and 10.0.0.5 is another client address, but 41 ip hit on all network ip one by one in squid access.log like 10.0.0.5 to 10.0.0.80.
but i am still not sure who is doing this spoofing. this is what all i get, remeber there is not only these 3 girls computer, there are 20 computers which is doing same like girls computers.
believe me they wont go for Linux.What is there to handle? All they have to do is run Firefox and other applications.
My 4 year old son can use Linux. Its easy.
thanks & regards
Linux Addicted
-
- Battalion Quarter Master Havaldaar
- Posts: 207
- Joined: Sat Aug 09, 2003 5:00 pm
- Location: Karachi
- Contact:
This software will help you to find, who is actual user which is doing this sort of attack. but you will have to install it on any xp machine and monitor your network.
http://download.antiarp.com/tmp/antiarp4.3.1_eng.exe
http://download.antiarp.com/tmp/antiarp4.3.1_eng.exe
AOA,
Dear AcidEYE,
If problem is out of control, i will suggest go for HARDWARE FIREWALL Solution.
Dear AcidEYE,
If problem is out of control, i will suggest go for HARDWARE FIREWALL Solution.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
As Salam U Alikum,
Dear Everybody,
thanks for the coperation, i've found that no one is actually doing ARP spoofing, what i found is these malware in thier systems:
1. googleones.exe
2. woso.exe
3. microsofts.bat
4. tomons.exe
i personaly clean thier system and found these malware after that thier systems working fine till now. i hope problem was only these malware.
Thanks & Regards
Dear Everybody,
thanks for the coperation, i've found that no one is actually doing ARP spoofing, what i found is these malware in thier systems:
1. googleones.exe
2. woso.exe
3. microsofts.bat
4. tomons.exe
i personaly clean thier system and found these malware after that thier systems working fine till now. i hope problem was only these malware.
Thanks & Regards
Linux Addicted