All connections are wired Ethernet connections.
ADSL modem <<==>> WAN int. m0n0wall LAN int. <<==>> Ethernet wired clients.
All clients' OS will be WinXP,
and I cannot guarantee good antivirus or firewalls on those PCs,
so I want m0n0 to keep sending its MAC address to all clients to maintain connectivity between
clients and m0n0.
The Trojan name was HackTool.win32.ArpAttacker.3020
Are you using a wireless access point to run everyone through captive
portal or are they all wired in via Ethernet port?
Mohammed Ismail wrote:
> I have been using m0n0wall since 2006 and till now it is really the best, providing me high stability and hardware cost effective.
> turning a 200 MHz PC into an advanced router.
> Nowadays I faced a problem, spoofing wrong MAC
> my LAN IP is > 192.168.1.1 MAC 00:23:34:43:f4:b1
> so when I type arp -a in command under Windows XP from any client PC I should get the right MAC; I get instead, for example
> 192.168.1.1 wr:on:g:ma:ca:dd
> now the trojan gives the wrong MAC
> also in the ARP cache on m0n0wall I get that all MAC addresses of the clients are the same!!!
> like this>>
> 192.168.10.105 00:16:17:ec:9f:b8
> 192.168.10.29 00:16:17:ec:9f:b8
> 192.168.10.34 00:16:17:ec:9f:b8
> 192.168.10.60 00:16:17:ec:9f:b8
> so in captive portal I must check on, disable MAC filtering, so those clients get internet
> there are some applications that use winpcap and make static ARP entries on the infected PC
> keep telling my MAC is xx:xx:xx:xx:xx:xx and keep gateway MAC as static entry in ARP table in
> sorry for the long explaining of the problem,
> now is it possible that I make m0n0wall keep telling clients that m0n0 IP is 192.168.1.1 and MAC
> so it is added in the ARP table of the client machine as a static entry, or keep sending this ARP packet every 1 sec to prevent spoofing of m0n0 MAC
> this also will provide security from spoofing.
> Note: I am using 1.3b10
> and I have this problem in 7 networks where I don't have easy access to client PCs
> so i need a remote solution. if possible
> best regards
> Mohammed Abd El Wadoud
> Account Manager
> Sharm El Sheikh
> m dash ismail at link dot net
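
Added example, not part of the original messages: a small Python check for the two symptoms described in the thread, namely one MAC address answering for many IPs in the firewall's ARP cache and a client seeing the wrong MAC for the gateway. The sample caches are constructed from the values quoted above; the function names and the MAC `02:00:00:00:00:01` are made up for illustration.

```python
import re
from collections import defaultdict

# Matches "IP MAC" pairs; accepts ':' (BSD/m0n0wall) and '-' (Windows arp -a).
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})"
)

GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00:23:34:43:f4:b1"  # known-good value, as stated in the post

# Constructed sample: the firewall ARP cache as quoted in the message.
FIREWALL_CACHE = """\
192.168.10.105 00:16:17:ec:9f:b8
192.168.10.29 00:16:17:ec:9f:b8
192.168.10.34 00:16:17:ec:9f:b8 192.168.10.60 00:16:17:ec:9f:b8
"""

# Constructed sample: Windows XP 'arp -a' output on a poisoned client.
CLIENT_CACHE = """\
Interface: 192.168.1.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-00-00-01     dynamic
"""

def parse_arp(text):
    """Return {ip: mac}; tolerates headers and several pairs on one line."""
    return {ip: mac.lower().replace("-", ":") for ip, mac in ENTRY.findall(text)}

def shared_macs(table):
    """Return {mac: [ips]} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_mismatch(table, gw_ip, gw_mac):
    """Return the MAC actually cached for the gateway if it is not gw_mac."""
    seen = table.get(gw_ip)
    return seen if seen is not None and seen != gw_mac.lower() else None

if __name__ == "__main__":
    for mac, ips in shared_macs(parse_arp(FIREWALL_CACHE)).items():
        print(f"ALERT: {mac} claims {len(ips)} addresses: {', '.join(ips)}")
    bad = gateway_mismatch(parse_arp(CLIENT_CACHE), GATEWAY_IP, GATEWAY_MAC)
    if bad:
        print(f"ALERT: {GATEWAY_IP} resolves to {bad}, expected {GATEWAY_MAC}")
```

A MAC shared by several IPs is not always hostile (a router or proxy-ARP host legitimately answers for many addresses), so treat that result as a lead to investigate rather than proof.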