Booting someone from the LAN remotely...


MawwBox


Situation:

So I'm on a LAN that's hooked up to our ISP (a satellite). We have 20 users. The router is NOT programmable. I do NOT have access to the router.

Problem:

One moron on our network continues to misuse our ever so slow internets for his own personal means. We set forth rules beforehand that specifically said "No BITTORRENTS" as they slow everyone else down to a complete crawl or halt. He continues to do these things. The person in charge of the network won't cut his line...he just continues to nicely warn him.

It's time to take things into my own hands...

Question:

Can I boot him off the network remotely? What can I do to kill his connection even though the router isn't programmable? This guy deserves to be booted or fcked with...he's stopping us from contacting family back home via VOIP.

PLEASE HELP ME!


Assuming you're on the same LAN, just ARP Spoof him and redirect his traffic to your computer, then don't route the traffic correctly :)


Ok I understand ARP and Spoof haha...but how do you combine the 2? ARP is using the ARP cache poisoning with C and A....and Spoofing would be taking their IP address so they get an IP conflict. So how do you "not" route their traffic once it's tunneling through my computer?

Thanks in advance guys...you're not only helping me...you're helping 18 other people on this network!


Ok I understand ARP and Spoof haha...but how do you combine the 2? ARP is using the ARP cache poisoning with C and A....and Spoofing would be taking their IP address so they get an IP conflict. So how do you "not" route their traffic once it's tunneling through my computer?

Thanks in advance guys...you're not only helping me...you're helping 18 other people on this network!

Cain will do the ARP cache poisoning, you then need something like ettercap or even your hosts file to redirect any requests for certain addresses. If you use OpenDNS, I think you can set it to block torrent protocols. Once you run Cain to take over his connection, if you set up OpenDNS as your DNS provider and filter the torrents, he will get nothing.

http://www.opendns.com/smb/solutions/filtering/


So OpenDNS would only limit target IP addresses? Or all material coming through my line?

Well, you could set it up for your ISP IP address, but this would require you to be able to set the router to flow through OpenDNS. Since you can't access the router, you would need to have it all flow through you, or an extra machine dedicated to redirecting him through OpenDNS. You would also have to sign up for an OpenDNS account so you can add your IP address (ISP, not LAN IP) and set the filtering levels, such as p2p/torrents. OpenDNS is free so couldn't hurt to try...


Well, you could purchase a router/switch and use that for the LAN gateway after the current modem/router, then control the QoS of P2P.


You could also just set a continuous DeAuth of his MAC from the router. I'm not sure how practical that would be for your situation or how to do this in whichever OS you're running, but I know Aireplay-ng can take care of this for you in Linux.


I do not think DeAuthing him is right. I also do not think DOSing him is cool either, but at least he will have some internet traffic. The only viable option that seems fair is to filter torrent traffic and the ports associated with it, kind of like what sparda said. You will have to buy a router or a switch but you can get anything for free...or ask the owner to do it.


Get a firewall, put it in between the 'modem' and the rest of the network, block all ports you don't need outbound, which for web browsing will be 80, 443 and 53.

It doesn't sound like this is possible given his situation. If he could physically add a firewall between the gateway and the rest of the nodes, he could physically unhook the cable.

There's really not enough information here to answer his question completely, but Deauthing probably won't work either as he doesn't really imply there's any authentication needed to use the LAN.

Further, he doesn't allude to it being a corporate situation. So there's probably not a "boss" to report him to, and it sounds like he did report it to who he thought could help.

Listening to the question would probably help before trying to give advice.

If we take his question as completely hypothetical, or in a controlled lab environment for educational purposes, one might suggest looking at routing protocols. Ideally, if you want this "rogue" user to stop using more than his fair share of the bandwidth, you could become his gateway through any number of methods (you're on the same LAN, look up LAN attacks including ARP cache poisoning). From there you should set up your computer to properly act as his gateway and just throttle his connection speeds for the given BitTorrent port.

This way no one is DOS'd, and you still get to call home.


Get a firewall, put it in between the 'modem' and the rest of the network, block all ports you don't need outbound, which for web browsing will be 80, 443 and 53.

He could just change which port his torrent client uses to download though.


He could just change which port his torrent client uses to download though.

Hopefully the firewall would also have the feature to spot BitTorrent traffic by packet signature. Even without this feature, all you have to do is use the firewall to build a list of trackers' IP addresses and blacklist them.

A hardware firewall device is the correct answer in this situation, I believe. You might be able to do an ARP poison of the switch(es) and then possibly spoof a bunch of reset packets for every request his BitTorrent client makes, but you might not either. For example, his computer might be running a firewall such as Zone Alarm (even though I never would use this crapware) which prevents this. If this is the case all bets are off, get a hardware firewall.


Hopefully the firewall would also have the feature to spot BitTorrent traffic by packet signature. Even without this feature, all you have to do is use the firewall to build a list of trackers' IP addresses and blacklist them.

A hardware firewall device is the correct answer in this situation, I believe. You might be able to do an ARP poison of the switch(es) and then possibly spoof a bunch of reset packets for every request his BitTorrent client makes, but you might not either. For example, his computer might be running a firewall such as Zone Alarm (even though I never would use this crapware) which prevents this. If this is the case all bets are off, get a hardware firewall.

Again, where's he going to put the hardware firewall? In between his connection and the router would do no good as it would have no effect on the rogue user. He already stated that he has no access to the router (which seems to imply where their connections come from), so it seems unlikely that he'd be able to just wander into the switch cabinet and add a device.

However, if he were to make himself the rogue user's gateway (through whatever means you'd like -- ARP Poisoning was just an example; and what percentage of users use static ARP tables?) then this is a nonissue altogether since he would effectively be the administrator of the rogue client's network and would get the same benefits of a hardware firewall.

Further, blacklisting, in general, is silly. Read a security book. You want to whitelist. And what packet signature would you expect the firewall to pick up if the BitTorrent client is using encrypted transport? Random bytes to random IPs on random ports is a ridiculous idea to try to blacklist.


Further, blacklisting, in general, is silly. Read a security book. You want to whitelist. And what packet signature would you expect the firewall to pick up if the BitTorrent client is using encrypted transport? Random bytes to random IPs on random ports is a ridiculous idea to try to blacklist.

Blacklisting is the correct way to stop unwanted behavior. Whitelisting is when you assume the users are evil little buggers from the get go. If you blacklist the major trackers plus keep an eye on new ones that are being used you significantly reduce the chance of his torrent client working.

If his client supports DHT that would be a bit more difficult to stop entirely but you can certainly cripple it with even a retarded firewall.

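The ARP cache poisoning discussed throughout this thread is visible to anyone watching ARP replies on the same LAN. The following is an added example, not part of any post above, that flags a changed IP-to-MAC binding and a single MAC answering for several IPs; the log format (tcpdump-style lines), the addresses, and the function name `find_arp_anomalies` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: tcpdump-style ARP replies, not captured from a real network.
SAMPLE = """\
12:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:aa:01, length 28
12:00:02.000000 ARP, Reply 192.168.1.23 is-at 00:11:22:bb:bb:17, length 28
12:00:05.000000 ARP, Reply 192.168.1.40 is-at 00:11:22:cc:cc:28, length 28
12:03:10.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:cc:cc:28, length 28
12:03:11.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:cc:cc:28, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+(?:\.\d+){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def find_arp_anomalies(text, gateway_ip=None):
    """Return (timestamp, kind, detail) findings from ARP reply lines."""
    ip_to_mac = {}                 # first binding seen for each IP (the baseline)
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    seen = set()                   # suppress repeats of the same alert
    findings = []
    for line in text.splitlines():
        m = ARP_REPLY.match(line)
        if not m:
            continue
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        known = ip_to_mac.setdefault(ip, mac)
        # Rule 1: an IP is suddenly claimed by a different MAC than the baseline.
        if known != mac and ("rebind", ip, mac) not in seen:
            seen.add(("rebind", ip, mac))
            kind = "gateway-rebind" if ip == gateway_ip else "rebind"
            findings.append((ts, kind, f"{ip} moved from {known} to {mac}"))
        # Rule 2: one MAC answers for more than one IP.
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and ("multi", mac) not in seen:
            seen.add(("multi", mac))
            findings.append((ts, "mac-claims-multiple-ips",
                             f"{mac} answers for {sorted(mac_to_ips[mac])}"))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE, gateway_ip="192.168.1.1"):
        print(*finding, sep="  ")
```

A router doing proxy ARP or a host with several addresses will also trip the second rule, so treat it as a lead. Pinning the gateway's MAC from a trusted source removes the first-seen baseline assumption.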
