ARP Poisoning

Protecting your Linux box
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Post by mudasir »

AOA,

Dear Usman bhai,

To be very frank, I don't know C. I have only a little experience in VB.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

This is why I said: if you agree to share your idea, I agree to share my skills.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
azfar
Captain
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
Location: Karachi
Contact:

Post by azfar »

mudasir wrote:
> AOA,
>
> The application I created performs some steps to make sure the client's ARP cache is proper as per the network. One of the steps is to make a static ARP entry.
>
> The software has some extra features also, however right now I only have an XP compatible version of it and am working on a VISTA compatible version.

How are you creating the static entry? Shell or API?
Azfar Hashmi
Email : azfarhashmi@hotmail.com

Post by mudasir »

AOA,

I am using "netsh" to make static entries, and also using API for other purposes.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by azfar »

mudasir wrote:
> AOA,
>
> I am using "netsh" to make static entries, and also using API for other purposes.

VB?

And what difficulty do you have in Vista?
Azfar Hashmi
Email : azfarhashmi@hotmail.com

Post by mudasir »

AOA,

I have successfully ported this app for VISTA using .NET 2008.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Post by osama »

Can your application do something for us?

Post by mudasir »

AOA,

Dear, may I know your issue? What are you facing and what are you looking for?

What do you want this app to do?
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by azfar »

Congrats, and any preview or feature list?
Azfar Hashmi
Email : azfarhashmi@hotmail.com

Post by mudasir »

AOA,

Dear, thanks. BTW, may I know congrats for what? I have not done anything special.

And about the feature list, that's not big, and does not even contain something that can amaze people.

Current Features.
1. Displays Information about your own network on main FORM. (IP, MAC, Host Name, Current Profile being used).
2. Displays the status to server (Connected / Not Connected).
3. Cleans and refreshes ARP Table by using netsh. (XP+Vista)
4. Specific to Particular Network.

TODO List.
1. Will add feature to authenticate from server using a particular serial number (specific to individual client).
2. Will add feature to ping the server directly from the app.
3. Will add the feature to mail the IP-MAC at initial install to the network admin.
4. Will add a feature to read a file from network and maintain ARP Table from that file of IP-MAC.
5. Learning C to port the app from VB to C.
6. Learning .NET 2008 to use my App at its best with 2008 server and Vista.

(More ideas are needed).
That's all from my simple application.

Please let me know anything else.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by osama »

Hey Mudasir, are you publishing your software somewhere?

Post by mudasir »

AOA,

I have not published it anywhere, because I have to compile it with a specific MAC address for a specific network and with some extra features, as per the requirements.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
qasali
Cadet
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

Post by qasali »

Hi all,

The post and all the replies were informative and also interesting. Recently I have been working on ARP cache poisoning. I thought to develop a small program to poison the ARP cache of all PCs on the LAN. I did it successfully. I used the C language and libnet APIs in Fedora.

My program runs in an infinite loop and sends a gratuitous ARP reply each time, with the source IP and destination IP and a fake MAC address of a PC which I want to pollute in client PCs over the network.

I also posted the code on this forum, but the site admin, I think, deleted the thread, which I think was against the rules (posting of malicious code).

Now I am trying to develop a program which will detect the attack using the C language and libpcap.

Of course managed switches and port security (binding allowed MAC address) is the ultimate solution, but it is not possible when you are managing big networks like 50+ users. System administrators might second me.

Anyhow, if anyone wants to join me in this area with ideas and of course some help, I will be happy to work as a team.

Take care all

Qasim
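
The per-frame check that a detector like the one described in the post above could run, added here as an example and not code from any poster in this thread. It works on raw frame bytes so it runs without libpcap; the binding table, the MAC addresses and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Trusted IP-to-MAC binding, e.g. from the admin's IP-MAC list. */
struct binding { uint8_t ip[4]; uint8_t mac[6]; };
enum verdict { ARP_OK, ARP_NOT_ARP, ARP_SENDER_MISMATCH, ARP_SPOOFED };

/* Check one raw Ethernet frame (starting at the destination MAC). */
enum verdict check_arp(const uint8_t *f, size_t len,
                       const struct binding *tab, size_t n) {
    /* EtherType 0x0806, then htype 1, ptype 0x0800, hlen 6, plen 4. */
    static const uint8_t want[8] = {0x08, 0x06, 0, 1, 0x08, 0, 6, 4};
    if (len < 42 || memcmp(f + 12, want, 8) != 0)
        return ARP_NOT_ARP;              /* 14 Ethernet + 28 ARP bytes */
    const uint8_t *sha = f + 22;         /* ARP sender MAC */
    const uint8_t *spa = f + 28;         /* ARP sender IP */
    if (memcmp(f + 6, sha, 6) != 0)      /* Ethernet source != ARP sender */
        return ARP_SENDER_MISMATCH;
    for (size_t i = 0; i < n; i++)
        if (memcmp(tab[i].ip, spa, 4) == 0)
            return memcmp(tab[i].mac, sha, 6) ? ARP_SPOOFED : ARP_OK;
    return ARP_OK;                       /* no binding for this IP */
}

/* Constructed sample data: one gateway binding and an unrelated MAC. */
static const struct binding TABLE[] =
    {{{192, 168, 1, 1}, {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}}};
static const uint8_t OTHER_MAC[6] = {0x02, 0xaa, 0xbb, 0xcc, 0xdd, 0xee};

/* Build a constructed ARP reply claiming TABLE[0].ip and classify it. */
enum verdict classify_reply(const uint8_t *eth_src, const uint8_t *sha) {
    uint8_t f[42] = {0};
    static const uint8_t hdr[10] = {0x08, 0x06, 0, 1, 0x08, 0, 6, 4, 0, 2};
    memset(f, 0xff, 6);                  /* broadcast destination */
    memcpy(f + 6, eth_src, 6);
    memcpy(f + 12, hdr, 10);             /* EtherType + ARP header, op 2 */
    memcpy(f + 22, sha, 6);
    memcpy(f + 28, TABLE[0].ip, 4);
    return check_arp(f, sizeof f, TABLE, 1);
}

int main(void) {
    printf("genuine: %d\n", classify_reply(TABLE[0].mac, TABLE[0].mac));
    printf("forged:  %d\n", classify_reply(OTHER_MAC, OTHER_MAC));
    printf("mixed:   %d\n", classify_reply(OTHER_MAC, TABLE[0].mac));
    return 0;
}
```

In a libpcap-based tool the same function would be called from the capture callback with the packet pointer and captured length.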

Post by mudasir »

Dear,

I left working on the ARP issue a long time back, and figured out many different solutions.

The ARP issue was faced by many/almost cable internet operators in Karachi; many of them installed Anti-Poisoner (I think initially developed by Hamid bhai), and many of them switched to large providers.

Shifting to Layer-3 can solve issues on large networks, however internal area issues will still remain the same.

To get rid of the issue, what I did:
1. Switched to PPPoE authentication.
2. No gateway provided through DHCP.

These two steps worked out for me, however deploying this on a large network can create issues, because PPPoE works on broadcast.

VPN would be a better solution on large networks.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com