2 Questions about lns

#1 I'm in a school's lan and ARP attack is very heavy which is a very serious problem when I'm in a online game.Can LnS defend this kind of attack?

#2 Does LnS support stealth mode which can hide my ip?Actually my problem is that the website(www.pandora.com) is restricted to IPs that don't belong to America.Can stealth mode solve the problem?

Thanks a lot!

 

Answer to question 2:

I do not think stealth mode will hide your ip, it will only stealth your ports.
To hide your IP you need to use an anonymous proxy such as Tor or Jap. A free modified firefox browser that uses tor can be found here:
http://www.xerobank.com/xB_browser.html

Answer to question 1:
I admit I dont know what ARP is, however if I remember rightly when I used looknstop with the phantom ruleset, it had a rule to protect you against ARP attacks.

Hope this helps!

 

Hi bonedriven

ARP attack ? Indeed? See the System Administrator for this. The problem should be addressed at this level...

There's a confusion here: the stealth status of a personnal computer do NOT hide the actual IP address but hide the presence or absence of an active computer at the address.

When a personnal computer is in stealth mode, the system block all abnormal/illegal packets without feed-back to the source of these packets.

Since Internet works only with IP addresses the only way to do his to use an other IP address with a proxy server. When you makes a connection to a web site with a proxy server, the seen IP address is the one of this proxy server not yours...

An other way is to used an "anonymisation" network like Tor (The Onion router) which used a network of router accross the world with encrypted communications between these routers and your PC (except for the last router in the chain ...).

Now the drawback:

- For the proxy servers the main problem is to find one and the other is the "trustability" of the proxy server you choose ...

For this I suggest you to try MultiProxy:
http://www.multiproxy.org/multiproxy.htm

- For Tor I suggest you to read the documentation at the official web site:
http://tor.eff.org/index.html.en

If you decide to used Tor, I can help you to set the rules needed to operate a Tor router with Look's'Stop...

Hope this help. Let us know.

 

Thanks for reply,dmanace and Climenole!

I'm sorry but what do you mean by "System Administrator"?

Yeah,I heard Tor before and thought that I would have no need for it.Now I have installed vidalia/tor/privoxy.I don't know if it's LnS prevent them working properly but I can't feel any difference with them running.It would be very kind of you to help me to set the additional rules for Tor.I'm using Phantom's ruleset at the moment and my OS is Windows XP.Waiting!

 

Hi bonedriven

You say in your first post:

This is the guys paid at your school to manage the Local Area Network.
If there is ARP attacks (ARP poisoning and alike) this is the person you have to talk first...

Start with this.

 

Hi bonedriven

Did you read Tor documentation?

MS Windows Install Instructions

Tor may be used only as client or as client AND server (onion router)...

With the LNS Enhanced rules set there is nothing to do except allowing Tor Privoxy and Vidalia to used Tor as client.

For a server, this is an other story...

Contact the LAN system administrator at your school and talk with him about the "Arp attacks". He is the first person to be advised of this. I believe he can solve this issue and in the same times avoid you a Tor installation.

(Tor is not actually a solution for ARP poisoning in a local area network... )

So talk to him first.

Hope this help. Let us know !

 

Thanks for reminding me to read the Tor Documentation.Now it is working real good!
I searched the web and found some rules to defend ARP attacks and I'm still testing if it's working.It seems LnS can defend some basic ARP spoofings.

 

Hi bonedriven

So you solve Tor problem like a champion! Very good bonedriven

Now about ARP problems. There's some anti ARP attacks in the Phant0m rules set ( I guess... )

but my point was :

since it's on your school LAN, don't try to solve this problem alone !
This is also the responsability of the LAN "sys admin" to help you and find a solution to this issue.

Take care!

 

Hi,Climenole!
You know what?In spite of guys like me that don't report at all,Sys admin receives 2 or 3 dozens of ARP attack reports everyday.The attackers are most doing it unwittingly as their computers are infected with viruses.There are people I know who run their computers without AV and Firewall at all,and most importantly,they have more patience than me in reinstalling their OS once a week because of all kinds of viruses growing happily.

 

Hi bonedriven

Unbelievable!

Finally you was right: reporting security issues to this sysadmin is totally useless...

He's managed to have a huge problem very soon...

On your side , the best is to keep your computer safe.

Take care.

 

Hi Climenole!
Finally I think my LnS can do the job for me.Maybe you'll find this pic funny.

 

Hi bonedriven

So the Phant0m's anti-MAC spoofing rule works well !

(Tell him: http://www.mntolympus.org/phpbb2/ )

An interesting LnS plug-in for ARP packets:
http://www.looknstop.com/En/plugin.htm

Have a nice day.