[HELP] ARP Poisoning - Countermeasures

[Pwnography-XXII]

Greetings, fellahs!

I've been experiencing some ARP Poisoning these days. Im working on it for almost a day now, but still there's no strong solution to solve this. So I hope you guys have some advice/insight on how to prevent this. I've used several programs such as the netcut defender but it seems the attacker doesn't use netcut and it stills poisons my net connection.

So, Is there anyway to rectify the situation?

Thank you.

 

[i7Baby]

See http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_603839.html

Post your build.

Post your internet plan.

Have you contacted your ISP? Do they vet for MITM?

 

[mcnumpty23]

have you tried static entries in the arp cache?

 

[Pwnography-XXII]

See http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_603839.html

Post your build.

Post your internet plan.

Have you contacted your ISP? Do they vet for MITM?

Thanks for this. Will review this now.

 

[Pwnography-XXII]

have you tried static entries in the arp cache?

How do you do that? Not familiar with the method. Sorry.

 

[mcnumpty23]

are you on windows or linux?

 

[Pwnography-XXII]

are you on windows or linux?

Im running Windows 7 and connected via WiFi too.

 

[mcnumpty23]

yeah i assumed you were using wifi

open a command prompt and type in arp –a

then add the static entries you want like this

arp –s <IP ADDRESS> <MAC ADDRESS>.

any time you are connected by wifi you are vulnerable to attacks--best thing is connect by ethernet--though its not always possible i know

 

[Pwnography-XXII]

yeah i assumed you were using wifi

open a command prompt and type in arp –a

then add the static entries you want like this

arp –s <IP ADDRESS> <MAC ADDRESS>.

any time you are connected by wifi you are vulnerable to attacks--best thing is connect by ethernet--though its not always possible i know

What do I write in the IP and MAC? I mean... Do I write my connected device's IP and MAC there or else? Thanks for helping.

 

[mcnumpty23]

and can also use snort for windows intrusion detection

https://www.snort.org

 

[Pwnography-XXII]

and can also use snort for windows intrusion detection

https://www.snort.org

Thanks, I'll check that out.

 

[mcnumpty23]

your connected devices go in there plus any other device you want to add

though arp poisoning would normally mean they are already on your network so changing your wireless security should be the first step

 

[Pwnography-XXII]

your connected devices go in there plus any other device you want to add

though arp poisoning would normally mean they are already on your network so changing your wireless security should be the first step

I did what you told me. Added a static arp entry and I assume I made it right. Because there's no unusual message coming from the CMD. Is that normal?

 

[mcnumpty23]

your connected devices go in there plus any other device you want to add

though arp poisoning would normally mean they are already on your network so changing your wireless security should be the first step

I did what you told me. Added a static arp entry and I assume I made it right. Because there's no unusual message coming from the CMD. Is that normal?

yes

but arp poisoning would mean they already hacked your network and are using something like cain and abel or ettercap on you
what wireless security are you using?
and why do you think you are being arp poisoned?

 

[Pwnography-XXII]

your connected devices go in there plus any other device you want to add

though arp poisoning would normally mean they are already on your network so changing your wireless security should be the first step

I did what you told me. Added a static arp entry and I assume I made it right. Because there's no unusual message coming from the CMD. Is that normal?

yes

but arp poisoning would mean they already hacked your network and are using something like cain and abel or ettercap on you
what wireless security are you using?
and why do you think you are being arp poisoned?

Im using WPA with mixed numbers and alphas. I snucked to the attacker's device(laptop) saw netcut blah blah blah. I googled afterwards and voila! Just as I suspected. Anyway, the attacker is a relative.

 

[mcnumpty23]

that makes it clearer

unless you block them from your network you cant really do anything to stop them trying whatever they want

 

[bill001g]

Turning on the wireless isolation feature will stop a large number of the arp poison type of attacks. It prevents the clients from directly sending data between each other.