The everlasting ARP attack

Thank you for coming to help.

I'm connected to a switch.The switch is connected to one router. The attacker now got 2 pcs to attack.One is connected to the router and another is connected to the switch.We usually use dynamic IPs,but mine doesn't change often.
Yesterday,he changed his attack method(learned from some "pros" maybe) which I had no idea what's going on.
My firewall showed 2 pc were sending tons of udp packtes and some flagged SYN ACK pactets. Winarpattack warned crazily "Begin to protect because Local entry add crisis!!"System tray continiously popped up"System error:IP conflict!"
I rebooted my pc,hoping that Winarpattack could prevent the error messages from tray.
Actually,I was totally cut since then.I even lost my IP.I manualy added some but only got the message"IP in use,static IP strategy."There are only about 10 pcs so it can't be 1~255 are all in use.Winarpattack could hardly work from then on.
After I was cut for an hour or so,I tried cain and abel(couldn't work normally as well).A mac_scan showed the attacker's pc occupied almost all IP addresses,but not all(leave me some hope??)I choosed one not occupied.It worked.I was connected again.
I wonder what software does he(a totally noob) use to do this HUGE ATTACK.

Any firewall.Especially I want to try Jetico v2.
There are a lot of Anti-arp firewall products here in China(eg. check www.antiarp.com).But those are only anti-arp firewalls.Plus,in my knowledge,those firewalls are noise producers too.

Thanks.

 

Actually, what you just described above is one of the deffensive methods to protect the network from the arp poisoning (mentioned here).
If my network was under arp poisoning and there where two many pcs to use correct binding of ips/macs, I would do the same as your "friend". Populate all the unallocated adresses with virtual clients to act as honeypots.

And the question that passes through my mind is; who is attacking whom?

Panagiotis

 

It's quite obvious.You are attacking me.And I really don't give a shi*t about anything you post here.

 

If the attacker is a complete noob, as you claim it to be, how is he able to attack you?

 

This thread gets beyond ridiculous. You folks stop playing wannabe hacker wars on your LAN and contact responsible management. I don't feel like contributing any advise here only to support your foolish behaviour. If you know the attacker and he's physically near you even, launching counter-attacks is totally not a way to stop such behaviour. Grow up!

 

As the thread is becoming more personal banter rather than informative interaction I will close the thread and show bonedriven how to protect via PM.



Thread closed


- Stem