anti arp fraud

Hey fellows:

I have recently found that there are someone who are making arp fraud inside my home network
( I am now share-living in a house atm). Is there are any soultions that I can detect and prevent arp fraud in a network?

Are you using CFP3? Under firewall/advanced/protection settings you can protect the arp cache. What exactly are they doing?

I guess it’s a ARP spoofing attack?
And like sded, I’d like to have some more information.

Cheers,
Ragwing

I believe so !!

Well , I am currently using CFP3. I have recently found that there are many intrusion warnings from my CFP. I was initially found that someone who are keep sending broadcast to the port 1900 on my subnet broadcast address(i.e 192.168.1.255) in every second . However , the things go worst as I have found that someone who are periodically sending arp to any host on my home network. Also , I have found that my computer cannot be assigned for a network address on my home network for several time. I am afraid that someone who are using several different kinds of attack including arp spoofing and netcut on my network .

I am not sure what has been affected but I believe that the ‘hacker’ has already intruded my privacy!

I am looking forward to see if anyone can help me to solve the problem!

Cheer

It would probably be best to re-setup your network via a network cable. Use a more complex WPA Key. (You can use up to 65 characters. grc.com has a secured random key generator on their website) What I tend to do is type out a load of gobbledeegook on the WEP Key page and then use one of the generated keys then do it again and use another (Done by copying and pasting into a notepad.)

Ensure that your router has set to restrict to only however many users you require, Enable MAC Address Filtering and change & Disable your ssid.

(See Comodo - Setting up Secure Network information in the FAQ’s under Comodo Firewall Forum)

Eric

The program call “NET CUT”.
(:NRD) (:NRD) (:NRD) (:NRD) (:NRD)

Before you do any of Eric’s great suggestions;

  1. Log into your router
  2. Disable the wireless
  3. Pull out all ethernet cables except the one connecting the router to your PC
  4. Change the admin password on the router
  5. Change the default IP address of the router to another private IP (like 172.16.X.X)
  6. Disable the SSID
  7. Disable DHCP and manually assign addresses in the same subnet as step 5) to your trusted PCs
  8. Save the router config and reboot the router
  9. Log in using the new admin password
  10. Use the highest level of security allowed by your router
  11. Set up MAC filtering with only the MAC addresses of the NICs you want to use the network
  12. Only allow cabled connections until you can trap him/her
  13. Download NetCut and install it on your PC in protect mode :wink:

I like step 13 - to catch a thief, think like a thief!

Have no mercy - if they are not playing nice, you don’t have to either. >:( Depending upon your jurisdiction, you could contact the police. Under Australian law, this is classed as illegal manipulation of a data network and is a jailable offence. Your ISP may also be able to help.

Ewen :slight_smile:

Additionally, check if your router supports static ARP tables, add the MAC address of the trusted PCs to the routers ARP table.

run wireshark on your PC and filter ARP to catch the MAC addres for a first step in tracking him down.

Find him, catch him, whack his ■■■ with a boat paddle.