how to overcome NetCut?

Posted By: Shark_M | Nov 24th, 2005 @ 8:23 PM
page 1 of 1
Comments: 7 | Views: 11268
#Nov 24th, 2005 @ 8:23 PM
Shark_M
Shark_M
Hello guys, if you are in a network using LAN, and someone uses NetCut
@ http://www.arcai.com/ to kill your ip, how to block that?

it uses ARP. I need a way to block it can you suggest a way?
#Nov 25th, 2005 @ 2:55 AM
jozjan
jozjan
jozjan
If you have Cisco switches, then use Cisco port security features on your switches.
#Oct 17th, 2006 @ 9:54 AM
arcai
arcai

hi,

  netcut 2.0 have protect arp spoof function , try that.

  also, fyi. even cisco switch with secure port enabled, netcut  2.0 still works.

#Oct 17th, 2006 @ 10:14 AM
phreaks
phreaks
Shark_M wrote:
Hello guys, if you are in a network using LAN, and someone uses NetCut
@ http://www.arcai.com/ to kill your ip, how to block that?

it uses ARP. I need a way to block it can you suggest a way?


1) Disable ICMP
2) arp -d *  //In case you are already poisoned
3) enable MAC filtering on your router!
4) Finally add a static ARP table
#Oct 18th, 2006 @ 10:11 AM
arcai
arcai
hi phreaks 
 just curious that have you tried what you suggest ?


 
#Oct 18th, 2006 @ 12:21 PM
phreaks
phreaks
arcai wrote:
hi phreaks 
 just curious that have you tried what you suggest ?


 


No, I already have static ARP entries and have never had to deal with netcut.

However, tuning off ICMP *should* limit the ability for netcut to obtain a list of IP's on your subnet and adding a static ARP entry(s) *should* disable the ability of ARP poisoning.

#Oct 22nd, 2006 @ 8:14 AM
arcai
arcai

hi,

  static ARP entries on your Own PC will not work , you have to make the static ARP entries  on your gateway's ARP Table.
  

#Oct 22nd, 2006 @ 1:07 PM
figuerres
figuerres
???
Shark_M wrote:
Hello guys, if you are in a network using LAN, and someone uses NetCut
@ http://www.arcai.com/ to kill your ip, how to block that?

it uses ARP. I need a way to block it can you suggest a way?


who owns / admins the LAN?

if I found such a program on my network i'd publish a notice that such a program is not allowed and if found the user could face a writeup and or be fired if it continued to happen.

the other thing would be to find a way to locate the netcut pc and cut it off the network.

like this post says:

http://newsgroups.linuxbroker.com/index.php?tab=com&newsgroup=comp.os.linux.security&article=5694

find an arpwatch for win32 or use etherial and see who is effing with arp traffic!
page 1 of 1
Comments: 7 | Views: 11268
Microsoft Communities