ARP Poisoning

Protecting your Linux box
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Sat Dec 27, 2008 1:27 am

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Postby x2oxen » Fri Jan 02, 2009 12:59 pm

Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

azfar
Captain
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
Location: Karachi
Contact:

Postby azfar » Thu Jan 15, 2009 6:03 pm

Azfar Hashmi
Email : azfarhashmi@hotmail.com

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Fri Jan 16, 2009 2:05 am

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

azfar
Captain
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
Location: Karachi
Contact:

Postby azfar » Fri Jan 16, 2009 6:21 pm

Azfar Hashmi

Email : azfarhashmi@hotmail.com

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Sat Jan 17, 2009 1:49 pm

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Postby osama » Mon Jan 19, 2009 3:47 pm

Can ur application do something for us ?

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Mon Jan 19, 2009 10:02 pm

AOA,

Dear May i know your issue. What are you facing and what are you looking for.

What do you want this app to do.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

azfar
Captain
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
Location: Karachi
Contact:

Postby azfar » Sun Jan 25, 2009 11:43 pm

Azfar Hashmi

Email : azfarhashmi@hotmail.com

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Mon Jan 26, 2009 2:37 am

Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Postby osama » Mon Feb 23, 2009 11:16 am


mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Mon Feb 23, 2009 3:04 pm

AOA,

I have not published it anywhere, becasue i have to compile it with specific MAC Address for specific network and with some extra features, as per the requirements.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

qasali
Cadet
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

Postby qasali » Sun May 30, 2010 4:27 pm

hi all,

the post and all the replies were informative and also interesting. Recently i have been working on arp cache poisoning. i thought to develop a small program to poison arp cache of all Pcs on LAN. I did it successfully. I used C language, libnet APIs in Fedora.

My program runs in an infinite loop and sends gratuitous ARP reply each time with source ip and destination ip and fake MAC address of a PC which i want to pollute in Client PCs over the network.

I also posted the code on this forum but the site admin i think deleted the thread which i think was against the rules (posting of malicious code).

Now i m trying to develop a program which will detect the attack using C language, Libpcap.

Of course managed switches and port security (binding allowed MAC address) is the ultimate solution but it is not possible when u r managing big networks like 50+ users. System Administrators might second me.

Any how, if anyone wants to join me in this area with ideas and of course some help, I will be happy to work as team

Take care all

Qasim

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Sun May 30, 2010 6:34 pm

Dear,

i left working on ARP issue long time back, figured out many different solutions.

ARP issue was faced by many/almost cable internet operators in karachi, many of them installed Anti-Poisoner (i think initially developed by Hamid bhai), many of them switched to large providers.

Shifting to Layer-3 can solve issues on large networks, however internal area issues will still remain same.

To get rid of the issue what i did.
1. Switched to PPPoE authentication.
2. No gateway provided through DHCP.

These two steps worked out for me, however deploying this on a large network can create issues, becasue PPPoE works on Broadcast.

VPN would be a better solution on large networks.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com


Return to “Security”

Who is online

Users browsing this forum: No registered users and 2 guests