PDA

View Full Version : NetCut : ARP Poisioner



linux_makers
22nd May 2006, 02:04 AM
Hey There,
i am on a LAN Network..and if any body knows..there is a program that works on microsoft OS called NetCut..which is an ARP Sniffer/Poisoner that can cut the connection between a specific computer and the router..
here is its link : www.arcai.com/netcut (http://www.arcai.com/netcut/)
now..i used to stop this net disconections by using a program called anti-netcut on windows..
but on Linux..i donot know what to do..i heard that there is a trick that can be done in the iptables..
Please help me as i am suffering here..
Thanks In Advance.

mohamednasr2000
29th October 2007, 12:20 AM
I think this script could fix the net cut problem

I did not made it but it's under the GPL licence.
the owner details writen inside the script.

the script made by python & to run it you must root with full paths.

login as root by runing the "su - " you must write the " - " to load paths.

http://www.4shared.com/file/27679255/c1901fa5/antiNetCut-linux.html

lio_013
16th July 2009, 06:54 PM
arptable does the trick
first install arptables_jf package using yum then do the following as root



arptables -P IN DROP
arptables -P OUT DROP
arptables -A IN -s 192.168.1.1 --source-mac 00:1D:0F:A9:F0:45 -j ACCEPT
arptables -A OUT -d 192.168.1.1 --target-mac 00:1D:0F:A9:F0:45 -j ACCEPT
arp -s 192.168.1.1 00:1D:0F:A9:F0:45

replace the ip and mac address with your gateway ip and mac
no netcut cannot see u in his ip list :)

also i have programmed a small tool with gambas to act as netcut and contains the above mentioned protection
u can test it

http://aatalla.files.wordpress.com/2009/11/tuxcut.png

http://aatalla.files.wordpress.com/2009/11/tray.png

to run the programme u need

iproute
dsniff
nmap
beesu #for root priviliage the same as gksu



http://a-atalla.co.cc/?p=90
Download the rpm packages http://bitbucket.org/a_atalla/tuxcut/downloads/

linuxman11
14th January 2010, 04:15 PM
the magic word is static ARP on both sides, The gateway and the hosts.
Use static ARP entries and this way no way for Netcut or any similar techniques and also you increase the security of your LAN, No body will be able to sniff, But of course with harder techniques.
Regards,

lio_013
14th January 2010, 08:11 PM
arp -s 192.168.1.1 00:1D:0F:A9:F0:45 did it for my side

so how can i do static ARP at the gateway side ?

linuxman11
16th January 2010, 12:06 AM
Most of small routers don't have this feature, But some good routers has this capability, So check the manual for your router. I use Linux servers as gateways on my all LANs, So It's easy to setup the whole hosts as static ARP entries on the Linux gateway, By the way, It can be done also on a Windows gateway.