Static ARP on Android

[jaredseg]

There is a device in my house that is pretending to be my router to intercept all traffic using ARP poisoning. I cannot set a static ARP in my router either because then the device that intercepts the traffic will notice it isn't getting any traffic at all. How can I go about setting a static ARP on android so that my tablet can work without being intercepted and will work at startup? I can't use any of the apps on the Google Play Store because they occasionally stop working randomly in the background, and I need to stop the ARP poisoning from happening at all.

 

[molletts]

There is a device in my house that is pretending to be my router to intercept all traffic using ARP poisoning. I cannot set a static ARP in my router either because then the device that intercepts the traffic will notice it isn't getting any traffic at all. How can I go about setting a static ARP on android so that my tablet can work without being intercepted and will work at startup? I can't use any of the apps on the Google Play Store because they occasionally stop working randomly in the background, and I need to stop the ARP poisoning from happening at all.

The "arp" command does appear to be available on Android (at least on Cyanogenmod 12) so you could set an entry temporarily by opening a terminal (I use ConnectBot or JuiceSSH) and doing something like:

arp -s 192.168.0.1 11:22:33:aa:bb:cc

with 192.168.0.1 replaced by the IP address of your router and 11:22:33:aa:bb:cc replaced with its MAC address. You'll need root.

I don't know whether Android automatically reads in /etc/ethers at startup; if it does, you could add a line to that file (in addition to being root, you will need to remount /system read-write first) like:

11:22:33:aa:bb:cc 192.168.0.1

If not, I don't know how you would make it happen automatically at startup - there may be an app that can automatically run a command at startup, perhaps.

Of course, the "correct" solution is to fix/remove the broken/infected device that's breaking your network.

 

[bill001g]

You just need to prevent the mac address from being able to connect to your network. Wireless is pretty easy on most routers with a mac filter, ethernet a wire cutter solve the issue very quickly.

If you can load third party firmware on your router there are firewall options that will stop arp poison. It uses a method similar to DHCP snooping commercial switches use to prevent ip spoofing.

This is one of those things that you have good security in your network to start with. In home networks you seldom have untrusted people on your network so the equipment generally does not have feature to prevent people from doing bad things. On commercial equipment there are many options to stop things like this

 

[jaredseg]

Thanks for your help. I think what I'll do is disable wifi before startup each time, and then set the static arp and turn the wifi back on again. I didn't realize that I could use a terminal to do this stuff on android so thanks a million.

 

[jaredseg]

There is a device in my house that is pretending to be my router to intercept all traffic using ARP poisoning. I cannot set a static ARP in my router either because then the device that intercepts the traffic will notice it isn't getting any traffic at all. How can I go about setting a static ARP on android so that my tablet can work without being intercepted and will work at startup? I can't use any of the apps on the Google Play Store because they occasionally stop working randomly in the background, and I need to stop the ARP poisoning from happening at all.

The "arp" command does appear to be available on Android (at least on Cyanogenmod 12) so you could set an entry temporarily by opening a terminal (I use ConnectBot or JuiceSSH) and doing something like:

arp -s 192.168.0.1 11:22:33:aa:bb:cc

with 192.168.0.1 replaced by the IP address of your router and 11:22:33:aa:bb:cc replaced with its MAC address. You'll need root.

I don't know whether Android automatically reads in /etc/ethers at startup; if it does, you could add a line to that file (in addition to being root, you will need to remount /system read-write first) like:

11:22:33:aa:bb:cc 192.168.0.1

If not, I don't know how you would make it happen automatically at startup - there may be an app that can automatically run a command at startup, perhaps.

Of course, the "correct" solution is to fix/remove the broken/infected device that's breaking your network.

Alright I tried to use the console to set static ARP, but now I'm getting "arp: SI0CARP: Operation not permitted"

 

[jaredseg]

Nevermind, I figured it out, I used the "su" command to gain higher access, and now it works. Thanks a million.