 
 From:  rgreiner <mrgreiner at gmail dot com>
 To:  Steve Bertrand <steve at ibctech dot ca>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)
 Date:  Wed, 29 Apr 2009 13:26:35 -0300
Steve Bertrand wrote:
> rgreiner wrote:
>   
>> Mohammed Ismail wrote:
>>     
>>> With secondary IP option in LAN, and the last 5 commits in the
>>> http://m0n0.ch/wall/repository.php
>>>
>>> I cannot wait to see b17
>>>
>>> ..
>>>
>>> And is there a way to integrate this in m0n0wall ?
>>>
>>> http://code.google.com/p/antinetcut
>>>       
>> Hi, does somebody know any interesting reference page explaining what
>> exactly netcut does and how? 
>>     
>
> Well, not necessarily specific to netcut, but for what it does:
>
> http://en.wikipedia.org/wiki/ARP_poisoning
>
>   
>> All pages I could find speak about
>> downloading netcut or anti netcut. I'm interested in neither. 
>>     
>
> I personally use ettercap for these types of ARP Poisoning and MitM
> penetration tests.
>
>   
>> What I
>> would like is to know how to detect and trace someone using that thing
>> in my network, so I could properly "deal" with this individual.
>>     
>
> Defense in depth and breadth helps with this. That is, depending on your
> network, your switches/routers should watch and deny this type of
> behaviour. Again, depending on your network, there are many ways to
> prevent/find it:
>
> - disable gratuitous arps (main mechanism for arp spoofing)
> - disable proxy arp
> - dhcp snooping with arp inspection
> - put each port into its own VLAN
>
> etc etc.
>
> Google for "Layer-2 security" and more specifically "arp spoofing" and
> "man in the middle attack" to get far more details on how to
> monitor/prevent this attack vector.
>
> Steve
>
> Disclaimer: I would highly advise against 'testing' this type of
> software on a live production network. If you don't understand exactly
> what is happening, the disruption can be quite long-lasting and widespread.
>
>   
Ok, I will look after this information.

Tks,

Roberto


-- 
  -----------------------------------------------------
                Marcos Roberto Greiner

   Optimists believe we live in the best of all worlds
    Pessimists fear that this is true
                                       Murphy
  -----------------------------------------------------
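
An added example, not part of the original thread and not m0n0wall code: one way to approach the "detect and trace" question raised above is to watch which MAC address each IP is announced with and flag changes, which is the idea behind tools such as arpwatch. The observation format, the function name and all addresses below are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    (0,  "192.168.1.1",  "02:00:00:00:00:01"),  # gateway announcing its real MAC
    (5,  "192.168.1.20", "02:00:00:00:00:20"),
    (9,  "192.168.1.30", "02:00:00:00:00:30"),
    (12, "192.168.1.1",  "02:00:00:00:00:30"),  # gateway IP claimed by host .30's MAC
    (13, "192.168.1.20", "02:00:00:00:00:30"),  # the same MAC now also claims .20
    (40, "192.168.1.1",  "02:00:00:00:00:01"),  # the real gateway answers again
]


def find_arp_conflicts(replies, static_bindings=None):
    """Flag IP-to-MAC bindings that change or contradict a trusted table.

    static_bindings maps IP -> known-good MAC (for example the gateway).
    Returns (alerts, multi_ip_macs): alerts is a list of
    (time, kind, ip, announced_mac); multi_ip_macs maps each MAC that
    announced more than one IP to the sorted list of those IPs.
    """
    trusted = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    last_seen = {}                  # IP -> MAC from the most recent reply
    ips_by_mac = defaultdict(set)   # MAC -> every IP it has announced
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        if ip in trusted:
            # A pinned address must always be announced with its pinned MAC.
            if trusted[ip] != mac:
                alerts.append((ts, "static-mismatch", ip, mac))
        elif ip in last_seen and last_seen[ip] != mac:
            # Unpinned address: report any change from the previous binding.
            alerts.append((ts, "binding-changed", ip, mac))
        last_seen[ip] = mac
    multi = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return alerts, multi


if __name__ == "__main__":
    gateway = {"192.168.1.1": "02:00:00:00:00:01"}
    alerts, multi = find_arp_conflicts(SAMPLE_ARP_REPLIES, gateway)
    for alert in alerts:
        print("ALERT", alert)
    for mac, ips in multi.items():
        print("MAC", mac, "announced", ips)
```

The MAC that appears in the alerts and announces several IPs is the one to look up in the switch's MAC address table to find the physical port. A legitimate DHCP lease change also shows up as "binding-changed", so pinning the gateway in the trusted table gives the most reliable signal.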