ARP spoofing or poisoning

aghascepter

Reputable
Aug 3, 2017
23
0
4,510
Hello everyone,
I recently got this problem with my PC network connection, it often disconnected for unknown reasons.
And i recently find out someone apparently using NetCut to cut-off my PC connection,
at first it's really easy to solved, i just run NetCut Defender and i got my network connection back.
Until yesterday i got this attack notification again from NetCut Defender but this time it cant stop it.
Even when i reload the protection, the Defender said "netcard has no ip address etc".

I decided to wait till today and i'm downloading Xarp, and it turns out someone sending ARP poisoning packet for about 150 request/second, i even barely be able to close the Xarp notification window- because the amount of that incoming packet. I already create inbound rule to block incoming ICMPv4 and 6, and that thing alone still cannot stop it, until i change my ip and mac adress to static via cmd arp -s command + using ESET to block incoming ARP attack + NetCut defender, finally i got the connection back.

Is anyone know what kind of application the attacker use?
Is what i'm doing good enough? because i'm affraid there is another way that cannot be stopped.
Is there any other way to stop this Incoming ARP attack? because when i wrote this thread alone,
Xarp already counting about 100,000 incoming packet from the attacker. Thank you.

 
Solution
Again not much you can do, there are all kinds of bad things you can do when you are on a lan. DHCP servers tend to cause the worst issue and that happens accidentally all the time. If I just wanted to crash a lan it is not too hard to create a broadcast loop. Again LAN is assumes to only have trusted devices on it.
Simple you hunt the person down and take a big hammer and smash his pc to bits and then kick him out of the house. When it is your network there are lots of things you can do when it is not your network you are exposed. Things like ARP are designed to be used only on LAN networks which in theory are suppose to be secure. Your only option if you do not control the network is not to use it. There is little you can do because many times ARP packets are actually trying to attack the router ARP table. You can put all the stuff you want in your PC and it does not fix the router.

Now if you have control step one is to really kick the person off. There are many ways to secure a network that you do control. There are option in switches that prevent this attack and you can use port security to prevent unauthorized people from even connecting.
 


Well thats one way to solve it, i mean from this ARP storming case i suffer could it be worse?
Or is this the worst kind case an ARP storming attack could be already? thankyou for your response.
 
Again not much you can do, there are all kinds of bad things you can do when you are on a lan. DHCP servers tend to cause the worst issue and that happens accidentally all the time. If I just wanted to crash a lan it is not too hard to create a broadcast loop. Again LAN is assumes to only have trusted devices on it.
 
Solution