ARP Poisoning

Protecting your Linux box

Postby mudasir » Sat Dec 27, 2008 1:27 am

AOA,

Dear Usman bhai,

To be very frank i dont know C. I have only little experience in VB.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby x2oxen » Fri Jan 02, 2009 12:59 pm

this is why i said if you agree to share your idea i am agree to share my skills.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Postby azfar » Thu Jan 15, 2009 6:03 pm

mudasir wrote:AOA,

The application i created performs some steps to make sure client's ARP cache is proper as per the network. One of the steps is to make static ARP entry.

The software has some extra features also, however right now i only have XP compatible version of it and working with VISTA compatible version.


How you are creating the static entry. shell or API?
Azfar Hashmi
Email : azfarhashmi@hotmail.com
azfar
Captain
 
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
WLM: azfarhashmi@hotmail.com
Yahoo Messenger: azfarhusain@yahoo.com
Location: Karachi

Postby mudasir » Fri Jan 16, 2009 2:05 am

AOA,

I am using "netsh" to make static entries, and also using API for other purposes.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby azfar » Fri Jan 16, 2009 6:21 pm

mudasir wrote:AOA,

I am using "netsh" to make static entries, and also using API for other purposes.


VB?

and what difficulty you have in vista?
Azfar Hashmi

Email : azfarhashmi@hotmail.com
azfar
Captain
 
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
WLM: azfarhashmi@hotmail.com
Yahoo Messenger: azfarhusain@yahoo.com
Location: Karachi

Postby mudasir » Sat Jan 17, 2009 1:49 pm

AOA,

I have succefully ported this app for VISTA using .NET 2008.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby osama » Mon Jan 19, 2009 3:47 pm

Can ur application do something for us ?
osama
Havaldaar
 
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Postby mudasir » Mon Jan 19, 2009 10:02 pm

AOA,

Dear May i know your issue. What are you facing and what are you looking for.

What do you want this app to do.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby azfar » Sun Jan 25, 2009 11:43 pm

congrats and any preview or feature list?
Azfar Hashmi

Email : azfarhashmi@hotmail.com
azfar
Captain
 
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
WLM: azfarhashmi@hotmail.com
Yahoo Messenger: azfarhusain@yahoo.com
Location: Karachi

Postby mudasir » Mon Jan 26, 2009 2:37 am

AOA,

Dear thanks, BTW, may i know congrats for what. I have not done anything special.

And about feature list, thats not big, and not even contains something that can amaze people.

Current Features.
1. Displays Information about your own network on main FORM. (IP, MAC, Host Name, Current Profile being used).
2. Displays the status to server (Connected / Not Connected).
3. Cleans and refreshes ARP Table by using netsh. (XP+Vista)
4. Specific to Particular Network.

TODO List.
1. Will add feature to authenticate from server using a particular serial number.(specific to individual client).
2. Will add feature to ping the server directly from the app.
3. Will add the feature to Mail the IP-MAC at initial install to the network admin.
4. Will add a feature to read a file from network and maintain ARP Table from that file of IP-MAC.
4. Learning C to port the app from VB to C.
5. Learning .NET 2008 to use my App at its best with 2008 server and Vista.

(More ideas are needed).
Thats all from my simple Application.

Please let me know anything else.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby osama » Mon Feb 23, 2009 11:16 am

Hey Mudasir, R u publishing your software somewhere?
osama
Havaldaar
 
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Postby mudasir » Mon Feb 23, 2009 3:04 pm

AOA,

I have not published it anywhere, becasue i have to compile it with specific MAC Address for specific network and with some extra features, as per the requirements.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby qasali » Sun May 30, 2010 4:27 pm

hi all,

the post and all the replies were informative and also interesting. Recently i have been working on arp cache poisoning. i thought to develop a small program to poison arp cache of all Pcs on LAN. I did it successfully. I used C language, libnet APIs in Fedora.

My program runs in an infinite loop and sends gratuitous ARP reply each time with source ip and destination ip and fake MAC address of a PC which i want to pollute in Client PCs over the network.

I also posted the code on this forum but the site admin i think deleted the thread which i think was against the rules (posting of malicious code).

Now i m trying to develop a program which will detect the attack using C language, Libpcap.

Of course managed switches and port security (binding allowed MAC address) is the ultimate solution but it is not possible when u r managing big networks like 50+ users. System Administrators might second me.

Any how, if anyone wants to join me in this area with ideas and of course some help, I will be happy to work as team

Take care all

Qasim
qasali
Cadet
 
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

Postby mudasir » Sun May 30, 2010 6:34 pm

Dear,

i left working on ARP issue long time back, figured out many different solutions.

ARP issue was faced by many/almost cable internet operators in karachi, many of them installed Anti-Poisoner (i think initially developed by Hamid bhai), many of them switched to large providers.

Shifting to Layer-3 can solve issues on large networks, however internal area issues will still remain same.

To get rid of the issue what i did.
1. Switched to PPPoE authentication.
2. No gateway provided through DHCP.

These two steps worked out for me, however deploying this on a large network can create issues, becasue PPPoE works on Broadcast.

VPN would be a better solution on large networks.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron