How to prevent arpspoof from working

leftybeaver

Hey guys,
So I've been using Linux for a while and decided to do some Bash scripting. A friend of mine and I came up with a script that will scan a network (using nmap) and compile a nice neat list of vendor names, computer names, MAC addresses, IP addresses, and other juicy info.
So after that, I installed arpspoof and found out how to redirect packets back into the host machine (once the MAC address was found from the network scan) and cause the person's internet connection to infinitely redirect to itself. So I now know how to effectively block people's internet access, but now I'm trying to figure out a way to counter arpspoof.
Has anyone thought of a way (or some hidden setting? :O) that could beat this setup?

Thanks!

--Matt
 
You're making a malicious program that is all about blocking someone's access to their internet. Plus the fact it rapes a system for "other juicy info" makes it a felony to distribute. If I found something like that scanning my system it better be bulletproof. Back hacks are simple...
 
You're making a malicious program that is all about blocking someone's access to their internet. Plus the fact it rapes a system for "other juicy info" makes it a felony to distribute. If I found something like that scanning my system it better be bulletproof. Back hacks are simple...
I have already made a program that does it. I am now trying to figure out how to counter it. I am using it to further my knowledge only and not using on public networks (only on my home one). I'd like to know how to counter it and other programs like Wifikill (the android app) so I wouldn't have to deal with people who use it to screw with others.
 
What script language have you written this in anyway? This sounds more like a Trojan than for a good cause.
And sounds like it is for Linux not Windows and very few people are that that anyway so should not worry about hacking with the script.
 
I have already made a program that does it. I am now trying to figure out how to counter it. I am using it to further my knowledge only and not using on public networks (only on my home one). I'd like to know how to counter it and other programs like Wifikill (the android app) so I wouldn't have to deal with people who use it to screw with others.

You should have stated that to begin with.
 
What script language have you written this in anyway? This sounds more like a Trojan than for a good cause.
And sounds like it is for Linux not Windows and very few people are that that anyway so should not worry about hacking with the script.

It's written in Bash. And no, it's not a Trojan. I only use it to better understand things. I'm not asking for help with how to make a script to hurt other people, I'm asking how to make something to block this from hurting other people.
 
I could trace your username through CMD and screw with your internet and your IP. But since I'm a nice person, I'm not going to. So you guys are the reason I couldn't enter this thread this morning.
 
I could trace your username through CMD and mess with your IP. But since I'm a nice person, I'm not going to. So you guys are the reason I couldn't enter this thread this morning.

No it only works on a local network. I already said anyway, I don't use it for malicious purposes.
 
Let's start with this for a second to end any fears of security issues to our users:

Preventing ARP-Spoofing is a legitimate network security concern. For most end users it's nothing they need to be concerned about but network admins who have a public-facing network that might have sensitive information transmitted over it (like emails) need to consider this thread for a proper security risk analysis. At any rate, for any ARP-spoofing to occur both the victim and the malicious computer must be connected to the same router so any little script he's written is perfectly safe to the rest of us.

The simple fact that he's written his own script is proof that he's looking to learn. If the intent was to do damage it's a lot quicker to download free Linux utilities that do ARP spoofing without you having to code anything.

Lefty:
I did something very similar to this in a network security class I took a year or so ago while I was still in college. I don't remember the specifics but I know you could watch for large amounts of a particular network packet. I think it was a DHCP IP announcement packet or something similar that flooded the network with a packet that said "I am the real computer with the MAC address of <whatever> so send that traffic to me instead". Eventually, every computer would receive that packet and the router and other local machines would send to you instead of the victim.

I could have the packet type wrong and I could have the MAC/IP part flipped but that's the general idea on how to detect a spoof. From there it's really up to you how you want to kick off, or otherwise block the malicious computer.
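
The detection idea from the post above, as an added example that is not part of the original thread: arpspoof works by repeatedly sending ARP replies that bind another host's IP to the sender's MAC, so the function below flags an IP claimed by a second MAC and a binding announced unusually often. The capture lines are constructed in the text format of `tcpdump -n arp`, and the function names and the threshold of 5 are assumptions.

```shell
#!/usr/bin/env bash
# Added example: flag ARP-spoofing symptoms in `tcpdump -n arp` style text.
# The sample capture and the default threshold are constructed/assumed.

# Reads capture lines on stdin, prints one alert per finding:
#   CONFLICT <ip> <first_mac> <new_mac>  a second MAC claimed the same IP
#   FLOOD <ip> <mac> <count>             one binding announced >= limit times
detect_arp_spoof() {
  awk -v limit="${1:-5}" '
    $2 == "ARP," && $3 == "Reply" && $5 == "is-at" {
      ip = $4; mac = tolower($6); sub(/,$/, "", mac)
      # First time this IP shows up with a MAC other than its original one.
      if ((ip in seen) && seen[ip] != mac && !((ip, mac) in count))
        print "CONFLICT", ip, seen[ip], mac
      if (!(ip in seen)) seen[ip] = mac
      count[ip, mac]++
    }
    END {
      for (k in count) if (count[k] >= limit) {
        split(k, part, SUBSEP)
        print "FLOOD", part[1], part[2], count[k]
      }
    }'
}

# Constructed capture: the gateway answers once, then another MAC keeps
# announcing itself as the gateway every two seconds.
sample_capture() {
  cat <<'EOF'
10:00:00.000100 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
10:00:00.000420 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
10:00:01.500000 ARP, Reply 192.168.1.23 is-at 66:77:88:99:aa:bb, length 28
10:00:02.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
10:00:04.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
10:00:06.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
10:00:08.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
10:00:10.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
EOF
}

sample_capture | detect_arp_spoof 5
```

On a live network the input would come from `tcpdump -n arp` on the monitored interface; a CONFLICT alert for the gateway's IP matches the redirect described in the first post.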
 