> Mohammed Ismail wrote:
>> With secondary IP option in LAN, and the last 5 commits in the
>> I cannot wait to see b17
>> And is there a way to integrate this in m0n0wall ?
> Hi, does somebody know any interesting reference page explaining what
> exactly netcut does and how?
Well, not necessarily specific to netcut, but for what it does:
> All pages I could find speak about
> downloading netcut or anti netcut. I'm interested in neither.
I personally use ettercap for these types of ARP Poisoning and MitM
> What I
> would like is to know how to detect and trace someone using that thing
> in my network, so I could properly "deal" with this individual.
Defense in depth and breadth helps with this. That is, depending on your
network, your switches/routers should watch and deny this type of
behaviour. Again, depending on your network, there are many ways to
- disable gratuitous arps (main mechanism for arp spoofing)
- disable proxy arp
- dhcp snooping with arp inspection
- put each port into its own VLAN
Google for "Layer-2 security" and more specifically "arp spoofing" and
"man in the middle attack" to get far more details on how to
monitor/prevent this attack vector.
Disclaimer: I would highly advise against 'testing' this type of
software on a live production network. If you don't understand exactly
what is happening, the disruption can be quite long-lasting and widespread.
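
Added example, not part of the original message and not any vendor's implementation: a simplified model of the "dhcp snooping with arp inspection" item above, showing how a switch can pin each IP to the MAC and port that leased it, drop ARP frames that disagree, and record the ingress port so the source can be traced. All addresses, MACs, port names and function names are constructed for illustration.

```python
# Simplified model of DHCP snooping + ARP inspection (illustrative only).
# Every address, MAC and port name below is constructed sample data.

DHCP_ACKS = [  # (client_mac, leased_ip, switch_port) learned by DHCP snooping
    ("aa:aa:aa:aa:aa:01", "192.168.1.10", "Gi0/1"),
    ("aa:aa:aa:aa:aa:02", "192.168.1.11", "Gi0/2"),
]
STATIC_BINDINGS = [  # hosts with fixed addresses, e.g. the gateway
    ("00:11:22:33:44:55", "192.168.1.1", "Gi0/24"),
]
ARP_FRAMES = [  # (ingress_port, sender_mac, sender_ip) seen on the wire
    ("Gi0/1", "aa:aa:aa:aa:aa:01", "192.168.1.10"),   # matches its lease
    ("Gi0/2", "aa:aa:aa:aa:aa:02", "192.168.1.1"),    # claims the gateway IP
    ("Gi0/2", "aa:aa:aa:aa:aa:02", "192.168.1.11"),   # matches its lease
    ("Gi0/3", "aa:aa:aa:aa:aa:03", "192.168.1.10"),   # claims another host's IP
    ("Gi0/24", "00:11:22:33:44:55", "192.168.1.1"),   # the real gateway
]

def build_bindings(acks, static):
    """Map IP -> (MAC, port): the table that pins each address to one port."""
    return {ip: (mac.lower(), port) for mac, ip, port in list(static) + list(acks)}

def inspect(frames, bindings):
    """Return (forwarded, violations). Each violation keeps the ingress port,
    which is what lets an operator trace the spoofing host physically."""
    forwarded, violations = [], []
    for port, mac, ip in frames:
        expected = bindings.get(ip)
        if expected == (mac.lower(), port):
            forwarded.append((port, mac, ip))
            continue
        if expected is None:
            reason = "no binding for IP"
        else:
            reason = f"IP bound to {expected[0]} on {expected[1]}"
        violations.append({"port": port, "mac": mac, "ip": ip, "reason": reason})
    return forwarded, violations

if __name__ == "__main__":
    ok, bad = inspect(ARP_FRAMES, build_bindings(DHCP_ACKS, STATIC_BINDINGS))
    for v in bad:
        print(f"DROP arp on {v['port']}: {v['mac']} claims {v['ip']} ({v['reason']})")
```
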