Go Back   Computer Forums > General Computing > Networking | DNS
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 11-15-2012, 10:48 PM   #1
Solid State Member
 
Join Date: Nov 2012
Location: USA
Posts: 8
Default How to prevent arpspoof from working

Hey guys,
So I've been using Linux for a while and decided to do some Bash scripting. Myself and a friend of mine came up with a script that will scan a network (using nmap) and compile a nice neat list of vendor names, computer names, MAC addresses, IP addresses, and other juicy info.
So after that, I installed arpspoof and found out how to redirect packets back into the host machine (once the MAC address was found from the network scan) and cause the person's internet connection to infinitely redirect to itself. So I now know how to effectively block people's internet access, but now I'm trying to figure out a way to counter arpspoof.
Has anyone thought of a way (or some hidden setting? :O) that could beat this setup?

Thanks!

--Matt
__________________

leftybeaver is offline   Reply With Quote
Old 11-15-2012, 11:02 PM   #2
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: How to prevent arpspoof from working

You're making a malicious program that is all about blocking some one's access to their internet. Plus the fact it rapes a system for " other juicy info " make it a felony to distribute. If I found something like that scanning my system it better be bullet proof. Back hacks are simple...
__________________

setishock is offline   Reply With Quote
Old 11-15-2012, 11:05 PM   #3
Solid State Member
 
Join Date: Nov 2012
Location: USA
Posts: 8
Default Re: How to prevent arpspoof from working

Quote:
Originally Posted by setishock View Post
You're making a malicious program that is all about blocking some one's access to their internet. Plus the fact it rapes a system for " other juicy info " make it a felony to distribute. If I found something like that scanning my system it better be bullet proof. Back hacks are simple...
I have already made a program that does it. I am now trying to figure out how to counter it. I am using it to further my knowledge only and not using on public networks (only on my home one). I'd like to know how to counter it and other programs like Wifikill (the android app) so I wouldn't have to deal with people who use it to screw with others.
leftybeaver is offline   Reply With Quote
Old 11-16-2012, 03:42 AM   #4
In Runtime
 
Fujitsu_Technician's Avatar
 
Join Date: Sep 2012
Location: UK
Posts: 284
Default Re: How to prevent arpspoof from working

What script language have you written this in anyway, this sounds more like a Trojan than for a good cause?
And sounds like it is for lynx not windows and very few people are that that anyway so should not worry about hacking with the script.
Fujitsu_Technician is offline   Reply With Quote
Old 11-16-2012, 10:52 AM   #5
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Re: How to prevent arpspoof from working

Quote:
Originally Posted by leftybeaver View Post
I have already made a program that does it. I am now trying to figure out how to counter it. I am using it to further my knowledge only and not using on public networks (only on my home one). I'd like to know how to counter it and other programs like Wifikill (the android app) so I wouldn't have to deal with people who use it to screw with others.
You should have stated that to begin with.
setishock is offline   Reply With Quote
Old 11-16-2012, 12:10 PM   #6
Solid State Member
 
Join Date: Nov 2012
Location: USA
Posts: 8
Default Re: How to prevent arpspoof from working

Quote:
Originally Posted by Fujitsu_Technician View Post
What script language have you written this in anyway, this sounds more like a Trojan than for a good cause?
And sounds like it is for lynx not windows and very few people are that that anyway so should not worry about hacking with the script.
Its written in Bash. And no its not a Trojan. I only use it to better understand things. I'm not asking for help with how to make a script to hurt other people, I'm asking how to make something to block this from hurting other people.
leftybeaver is offline   Reply With Quote
Old 11-16-2012, 02:18 PM   #7
In Runtime
 
1337G33k's Avatar
 
Join Date: Sep 2012
Location: Canada
Posts: 190
Default Re: How to prevent arpspoof from working

i could trace your username through CMD and screw with your internet and your IP. but since im a nice person, im not going to. SO you guys are the reason i couldnt enter this thread this morning
__________________
"Yo moma is like HTML: Tiny head, huge body."
1337G33k is offline   Reply With Quote
Old 11-16-2012, 02:20 PM   #8
Solid State Member
 
Join Date: Nov 2012
Location: USA
Posts: 8
Default Re: How to prevent arpspoof from working

Quote:
Originally Posted by 1337G33k View Post
i could trace your username through CMD and mess with your IP. but since im a nice person, im not going to. SO you guys are the reason i couldnt enter this thread this morning
No it only works on a local network. I already said anyway, I don't use it for malicious purposes.
leftybeaver is offline   Reply With Quote
Old 11-16-2012, 02:24 PM   #9
In Runtime
 
1337G33k's Avatar
 
Join Date: Sep 2012
Location: Canada
Posts: 190
Default Re: How to prevent arpspoof from working

Quote:
Originally Posted by leftybeaver View Post
No it only works on a local network. I already said anyway, I don't use it for malicious purposes.
alright. going crazy for a second
__________________
"Yo moma is like HTML: Tiny head, huge body."
1337G33k is offline   Reply With Quote
Old 11-16-2012, 06:20 PM   #10
Site Team
 
celegorm's Avatar
 
Join Date: Sep 2006
Posts: 10,713
Send a message via AIM to celegorm
Default Re: How to prevent arpspoof from working

Let's start with this for a second to end any fears of security issues to our users:

Preventing ARP-Spoofing is a legitimate network security concern. For most end users it's nothing they need to be concerned about but network admins who have a public-facing network that might have sensitive information transmitted over it (like emails) need to consider this thread for a proper security risk analysis. At any rate, for any ARP-spoofing to occur both the victim and the malicious computer must be connected to the same router so any little script he's written is perfectly safe to the rest of us.

The simple fact that he's written his own script is proof that he's looking to learn. If the intent was to do damage it's a lot quicker to download free linux utilities that do ARP spoofing without you having to code anything.

Lefty:
I did something very similar to this in a network security class I took a year or so ago while I was still in college. I don't remember the specifics but I know you could watch for a large amounts of a particular network packet. I think it was a DHCP IP announcement packet or something similar that flooded the network with a packet that said "I am the real computer with the MAC address of <whatever> so send that traffic to me instead" Eventually, every computer would receive that packet and the router and other local machines would send to you instead of the victim.

I could have the packet type wrong and I could have the MAC/IP part flipped but that's the general idea on how to detect a spoof. From there it's really up to you how you want to kick off, or otherwise block the malicious computer.
__________________

__________________
"as a fanboy i refuse to admit it and will pull countless things out of my butt to disprove it"

Team Thelegorm! Total Kills: 21 (i iz in uor profile, editsing your sigz)
celegorm is offline   Reply With Quote
Reply

Tags
arpspoof, linux, network

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 10:06 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0