[ previous ] [ next ] [ threads ]
 From:  Steve Bertrand <steve at ibctech dot ca>
 To:  Mohammed Ismail <m dot ismael at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)
 Date:  Fri, 01 May 2009 00:10:20 -0400
Mohammed Ismail wrote:
> I am talking about wired clients.

Wired, wireless, all the same.

> Thanks for your state full answers and for the tips.

You are welcome.

> After all convenient answers that I cannot really tell that they are wrong,
> because of my little knowledge. But there will be a question 

You are learning, questions are good.

> How do they do it in other systems?

Search Google for:

"Safe Layer 2 Security in-depth version 2" again, Cisco focused, but the
basics are there.

> How about miktrotik?

It is no different than m0n0wall.

> And there is another system an Egyptian Guy developed it that prevents
> NetCut-Switchsniffer-Winarp Spoofer

Learn the basics of *what* someone is trying to prevent. That is, you
need to better understand networking in general before you try to
prevent something bad from happening.

You are trying to 'fix' a single piece of a flawed networking system. In
order to 'fix' it, you need to understand it.

> And I actually saw some servers working on those systems here in Alexandria.
> It even detects what I am doing.


> Now all these are commercial software,

*ALL* systems have the ability to protect against *ALL* attacks, without
needing commercial software. You need to know what you are protecting
*against* to be effective.

I use commercial solutions for _pieces_ of our security strategy. The
only reason I use commercial products for some things, is because it is
easier, or it is cheaper in the long term. I run an Internet Provider. I
don't know everything about security, but I know enough about the
network to know *why* I should do something, and *why* I should
sometimes buy commercial software/hardware. You should *not* buy
software or install security software just because you saw it do
something. Understand *why* it does what it does.

> But the way when I run netcut on a machine assigned with df.gw
> the software could not see any gateway to cut off. 
> And software like
> cain, returned error message unknown network gateway if I remember right.

I see that you are proceeding recklessly with 'testing' on your network.
I'm assuming you are running Windows, but it doesn't matter.

If you disregard my previous warning about using these tools on a
production network without knowing what you are doing, then these will
be of benefit to you:

- tcpdump / wireshark
- nmap
- ettercap

I'm pretty certain that they are all available for win32 nowadays.