|
||||||||||
Steve Bertrand wrote: > rgreiner wrote: > >> Mohammed Ismail wrote: >> >>> With secondary IP option in LAN, and the last 5 commits in the >>> http://m0n0.ch/wall/repository.php >>> >>> I cannot wait to see b17 >>> >>> .. >>> >>> And is there a way to integrate this in m0n0wall ? >>> >>> http://code.google.com/p/antinetcut >>> >> Hi, does somebody know any interesting reference page explaining what >> exactly netcut does and how? >> > > Well, not necessarily specific to netcut, but for what it does: > > http://en.wikipedia.org/wiki/ARP_poisoning > > >> All pages I could find speak about >> downloading netcut or anti netcut. I'm interested in neither. >> > > I personally use ettercap for these types of ARP Poisoning and MitM > penetration tests. > > >> What I >> would like is to know how to detect and trace someone using that thing >> in my network, so I could properly "deal" whith this individual. >> > > Defense in depth and breadth helps with this. That is, depending on your > network, your switches/routers should watch and deny this type of > behaviour. Again, depending on your network, there are many ways to > prevent/find it: > > - disable gratuitous arps (main mechanism for arp spoofing) > - disable proxy arp > - dhcp snooping with arp inspection > - put each port into it's own VLAN > > etc etc. > > Google for "Layer-2 security" and more specifically "arp spoofing" and > "man in the middle attack" to get far more details on how to > monitor/prevent this attack vector. > > Steve > > Disclaimer: I would highly advise against 'testing' this type of > software on a live production network. If you don't understand exactly > what is happening, the disruption can be quite long-lasting and widespread. > > Ok, I will look after this information. Tks, Roberto -- ----------------------------------------------------- Marcos Roberto Greiner Os otimistas acham que estamos no melhor dos mundos Os pessimistas tem medo de que isto seja verdade Murphy ----------------------------------------------------- |