 
 From:  "Mohammed Ismail" <m dot ismael at gmail dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)
 Date:  Thu, 30 Apr 2009 22:49:28 +0200
-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org] 
Sent: Wednesday, April 29, 2009 3:21 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)

rgreiner wrote:

> Hi, does somebody know any interesting reference page explaining what
> exactly netcut does and how? All pages I could find speak about
> downloading netcut or anti netcut. I'm interested in neither. What I
> would like is to know how to detect and trace someone using that thing
> in my network, so I could properly "deal" with this individual.

>Actually, tracking is easy.  Look at the arp table on any system on the 
>flat network.  If one mac address is constantly advertising itself as 
>several IP addresses, they are probably arp poisoning. (Or a bridge, 
>wireless range extender, or something else that is supposed to arp for 
>others)
>
>But I can not see how he is protecting the network.  It might protect a 
>single system, but not a network.
>
>			Lee


Well,
I thought that in the beginning, and I thought I must control layer 2 traffic.
Notice that some other systems do prevent ARP spoofing.
Now with secondary IP in m0n0wall we can do this:
LAN IP 10.0.0.1/8 
Sec. IP 1.1.1.1/32
DHCP Server on LAN
Pool from 10.1.1.1 to 10.1.1.254
Default Gateway 1.1.1.1
And have static mapping for our customers.
Might use deny unknown clients, but in my case I am advertising for my network
via wireless so I need them to see the CP page.
Now the client receives an IP address of, let us say, 10.10.10.30/8
with Def. GW 1.1.1.1.
If you run netcut on that machine it will not see any gateway :)
Now if we could give clients a subnet mask of /32 instead of /8,
you will isolate each client in his own subnet mask.
Also you have got to have IPfilter blocking rules for the LAN interface,
like blocking IPs from talking to each other.

Best Regards, 
Mohammed Ismail
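
The ARP-table check Lee describes in the quoted reply (one MAC address answering for several IP addresses), as an added example that is not part of the original thread. It parses `arp -an` output; the gateway address 10.0.0.1 is taken from the LAN IP above, and the sample table, MAC addresses and the allowlist of known bridges or range extenders are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches BSD and Linux `arp -an` lines: "? (10.1.1.30) at 0:11:22:aa:bb:cc on em0 ..."
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9A-Fa-f:]+)")

def normalize_mac(mac):
    """Zero-pad each octet (BSD prints 0:d:b9:...) and lowercase it."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(text):
    """Return {mac: set(ips)}; '(incomplete)' entries never match and are skipped."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m and m.group(2).count(":") == 5:
            table[normalize_mac(m.group(2))].add(m.group(1))
    return table

def suspects(text, gateway_ip, allowed_macs=()):
    """MACs answering for more than one IP, minus devices that are supposed to
    (bridges, range extenders). Returns (mac, sorted_ips, claims_gateway) tuples."""
    allowed = {normalize_mac(m) for m in allowed_macs}
    found = []
    for mac, ips in sorted(parse_arp(text).items()):
        if len(ips) > 1 and mac not in allowed:
            found.append((mac, sorted(ips), gateway_ip in ips))
    return found

# Constructed sample: ARP entries collected from a BSD host and a Linux host.
SAMPLE = """\
? (10.0.0.1) at 0:11:22:aa:bb:cc on em0 [ethernet]
? (10.1.1.30) at 00:11:22:AA:BB:CC [ether] on eth0
? (10.1.1.40) at 0:24:a5:0:0:10 on em0 [ethernet]
? (10.1.1.41) at 0:24:a5:0:0:10 on em0 [ethernet]
? (10.1.1.50) at 0:16:cb:4:5:6 on em0 [ethernet]
? (10.1.1.60) at (incomplete) on em0 [ethernet]
"""

if __name__ == "__main__":
    for mac, ips, gw in suspects(SAMPLE, "10.0.0.1", ["00:24:a5:00:00:10"]):
        print(mac, ips, "claims the gateway address" if gw else "")
```

A MAC that shares the gateway's IP with a client IP is the strongest signal; repeat the check over time, since a single snapshot cannot show that the mapping is "constantly" advertised.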
 

