rgreiner wrote:
> Mohammed Ismail wrote:
>> With secondary IP option in LAN, and the last 5 commits in the
>> http://m0n0.ch/wall/repository.php
>>
>> I cannot wait to see b17
>>
>> ..
>>
>> And is there a way to integrate this in m0n0wall ?
>>
>> http://code.google.com/p/antinetcut

> Hi, does somebody know any interesting reference page explaining what
> exactly netcut does and how?

Well, not necessarily specific to netcut, but for what it does:

http://en.wikipedia.org/wiki/ARP_poisoning

> All pages I could find speak about
> downloading netcut or anti netcut. I'm interested in neither.

I personally use ettercap for these types of ARP Poisoning and MitM
penetration tests.

> What I
> would like is to know how to detect and trace someone using that thing
> in my network, so I could properly "deal" with this individual.

Defense in depth and breadth helps with this. That is, depending on your
network, your switches/routers should watch and deny this type of
behaviour.

Again, depending on your network, there are many ways to prevent/find it:

- disable gratuitous arps (main mechanism for arp spoofing)
- disable proxy arp
- dhcp snooping with arp inspection
- put each port into its own VLAN

etc etc.

Google for "Layer-2 security" and more specifically "arp spoofing" and
"man in the middle attack" to get far more details on how to
monitor/prevent this attack vector.

Steve

Disclaimer: I would highly advise against 'testing' this type of
software on a live production network. If you don't understand exactly
what is happening, the disruption can be quite long-lasting and
widespread.
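
The "dhcp snooping with arp inspection" item from the reply above, sketched in software as an added example that is not part of the original post: each ARP frame is parsed and its sender IP/MAC pair is checked against a binding table. The binding table, all addresses and the function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Constructed binding table, as DHCP snooping would learn it: IP -> MAC.
BINDINGS = {"192.168.1.1": "00:11:22:33:44:55",   # gateway
            "192.168.1.50": "aa:bb:cc:00:00:50"}  # client

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(src), "oper": oper, "sha": mac(sha),
            "spa": str(IPv4Address(spa)), "tpa": str(IPv4Address(tpa))}

def inspect(frame, bindings=BINDINGS):
    """Return reasons to drop or alert; an empty list means the ARP is consistent."""
    arp = parse_arp(frame)
    if arp is None:
        return ["not a valid IPv4 ARP frame"]
    reasons = []
    if arp["eth_src"] != arp["sha"]:
        reasons.append("ethernet source differs from ARP sender MAC")
    known = bindings.get(arp["spa"])
    if known is None:
        reasons.append(f"no binding for {arp['spa']}")
    elif known != arp["sha"]:
        reasons.append(f"{arp['spa']} claimed by {arp['sha']}, bound to {known}")
    if arp["spa"] == arp["tpa"]:
        reasons.append("gratuitous ARP")
    return reasons

def sample_frame(eth_src, oper, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build constructed test bytes for inspect(); nothing is sent on a network."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return (b"\xff" * 6 + h(eth_src)
            + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + h(sha) + IPv4Address(spa).packed + h(tha) + IPv4Address(tpa).packed)
```

The MAC address reported in a binding mismatch is the value to look up in the switch's MAC address table to find the port it was learned on.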