defense at netcut?

alexanderalden · July 30, 2013, 11:36pm

I have to use shared internet at school and I found out that one of the students is using netcut to block other students’ internet access. Is there any way to defend against netcut and arp poisoning in general? **

robin_listas · July 31, 2013, 1:03am

On 2013-07-30 23:46, alexanderalden wrote:
>
> I have to use shared internet at school and I found out that one of the
> students is using netcut to block other students’ internet access. Is
> there any way to defend against netcut and arp poisoning in general? *

What you should do is denounce the attack to the authorities.

–
Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
*

LewsTherinTelemon · July 31, 2013, 1:32am

While suggestions of reporting the person are valid, I’m going to put myself in your shoes and imagine some scenarios where adding some defense might also be prudent.

arpwatch can help detect arp injection: LBNL’s Network Research Group

There are many sites which cover its use. If your using your own computer, which you have root on, this tool might come in very handy for you. If you are using shared, public computers then not so much.

You can also find graphical front ends such as | TuxCut](http://tuxcut.net/) which accomplish the same (though I’ve not used this specific tool)
(Note this site shows how to prevent arp poisoning using arptables (which is available in OpenSuse) as well - which in your case might be perfect.)

A simple defense is just to clear your arp cache constantly as the attacker will have to re-inject for you to be affected.

A word of caution: Whether or not you choose to report the person I would advise against doing any kind of “hack back” activity - you very likely could get into a lot of trouble and its not worth it. Use it as an advantage to learn how to defend against arp poisoning script kiddies and perhaps teach others to do the same.

hendersj · July 31, 2013, 4:04am

On Tue, 30 Jul 2013 21:46:02 +0000, alexanderalden wrote:

> I have to use shared internet at school and I found out that one of the
> students is using netcut to block other students’ internet access. Is
> there any way to defend against netcut and arp poisoning in general? *

This would almost certainly violate your school’s acceptable use policy.
Most school AUPs prohibit any form of interfering with another user’s
access to the network or networked resources.

Reporting what you found to the relevant school authorities would be the
best course of action.

Jim

Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
*

tsu2 · August 1, 2013, 9:11pm

Been a long time since I’ve looked at this, and arp attack/defense has changed over time.

Recommend taking a look at the wikipedia entry
https://en.wikipedia.org/wiki/ARP_spoofing

You can install and run arpwatch from the openSUSE repositories which has been around for a very, very long time.

That only addresses defending your own machine. In general, if it becomes well known that someone is arp spoofing on the network everyone should run this kind of software.

TSU

alexanderalden · August 5, 2013, 10:25pm

Thank you every for your replies. I gave a go at the arptables but it didn’t work for me (I might have been doing something wrong). So, I installed tuxcut. Tuxcut works most of the time but it seems helpless from time to time so I have to spoof the device mac and connect back. Since the access point is placed there for free by an outside company, the school authority doesn’t care about what happens to it and there are previous examples that offenders get away lightly from hacking activities even when caught red-handed. I will try reporting the event when the company comes for maintenance though.

hendersj · August 6, 2013, 1:48am

On Mon, 05 Aug 2013 20:26:01 +0000, alexanderalden wrote:

> I will try reporting the event when the company comes
> for maintenance though.

That would be a good thing to do. Even if they provide the service for
free, that someone’s disrupting their operation reflects on their
organization, and usually the benefit of providing a free service is free
advertising. They don’t (or shouldn’t want to) provide a service that’s
disrupted easily because that gives their service the appearance of being
unreliable.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C