
Booting someone from the LAN remotely...


MawwBox


Blacklisting is the correct way to stop unwanted behavior. Whitelisting is when you assume the users are evil little buggers from the get go. If you blacklist the major trackers plus keep an eye on new ones that are being used you significantly reduce the chance of his torrent client working.

If his client supports DHT that would be a bit more difficult to stop entirely but you can certainly cripple it with even a retarded firewall.

Did that even make sense in your head?

You want him to try to document all the trackers this guy's going to be using and hope he's not using DHT? Who doesn't use Azureus with encrypted transport? (DHT + no packet signature by default).

Blacklisting is not the answer for this. The elegant solution allows him to have the greatest control over the other guy's network speeds, not hoping that the other guy isn't as good as the vast majority of users on the Internet.


There is one more 'attack' that has been overlooked (but I still say hardware firewall ftw). You could try and set up your own DHCP server that exclusively targets him. I'd guess that the 'real' DHCP server is closer to the target in the network layout so you just have to hope that it's slow.


I agree with aeturnus, the only way to go without having to obtain physical access to the equipment, would be to use something like arp-poisoning, and filter the traffic through something like a firewall, or any other solution that can block ports, maybe, just limit him to a list of ports, for normal, not-heavy applications like messenger and web... I know some of my friends did it for my entire school network, blocking everything except port 80 (Did not go very well, since their sappy laptop was not enough to handle it, so the internet speed dropped to like 1%). DoS is not a very good solution, since it would normally require something like a zombie-network? might be a bit extreme, to do jail time, just to kick someone off the web? And I'm not sure about what is meant by physical firewall, cause in my ears it sounds like you mean like a small commercial firewall server? that would require he actually was administrating the web. But well if it meant like an old box, set up to constantly arp-poison + filter traffic, then yeah.


There is one more 'attack' that has been overlooked (but I still say hardware firewall ftw). You could try and set up your own DHCP server that exclusively targets him. I'd guess that the 'real' DHCP server is closer to the target in the network layout so you just have to hope that it's slow.

Glad you finally agree with me Sparda, that getting in between the rogue user's connection and the gateway is the way to go.


The problem is that you want to deal with an abuse of the network, by abusing the network; that's just going to fail.

If the guy is not following the known rules, then fire him. I'm making the guess that this is an employment situation, the fix is to get rid of him.

If that is simply not an option then you will need to install kit that's capable of managing the staff more effectively, as has already been mentioned. I suggest a smoothwall installed on an old computer, that should do nicely.


I guess that depends on your perspective.

To me, yes it's a problem. There are far better ways to deal with this than blackhat techniques.

From this guy's scenario it doesn't sound like he's got a lot of options. The person in power to disable or throttle the rogue user's connection won't act. When the system lets you down, sometimes you have to take matters into your own hands.

Did you have a better solution for when there is an absence of a system to remove users like this and you are prevented from modifying the network layout?


mawwbox i have the very thing you are looking for. we used this in our computer class to fck with someone who wouldn't shut up. lol

idk how your systems are set up, idk if everyone has their own pc or if you have workstations. or if this is an office environment or if the computers are in your dorms or what. but assuming it's workstations in an office then you're golden. what you're gonna do is when this person isn't around gain access to the machine he typically uses and install this program on it. poweroff download it's called poweroff and it's a work of art. it runs in the background and you can log into it over a lan and do things such as shut off monitors, turn off the computer, lock the computer, log the user off and much more. it should only take a few times of this before he gives up and thinks there's something wrong with his pc.

if everyone has their own personal pc, or the pc's are in dorms or the like, then it becomes a little tougher. message me and i'll give you a brief walkthrough if that is the case. cuz this is getting pretty long.


if everyone has their own personal pc, or the pc's are in dorms or the like, then it becomes a little tougher. message me and i'll give you a brief walkthrough if that is the case. cuz this is getting pretty long.

hey thanks. I'll have to try that.

Well you guys have been very helpful. I think I was able to use ettercap and ARP cache poison him. However, I used the poison one-way feature. Please correct me if I'm wrong but did that stop his traffic? I haven't gotten a chance to see if it actually worked yet. I am sorry I don't know all this stuff yet...I'm learning and you are all very helpful.

I wish I had come by here earlier...because it's time to come back home! woot :-)

I liked all your ideas...I think I'll test them back home in a controlled environment and see which ones I liked the best.

Could you link some of your resources to these techniques? That would be very helpful.

-MawwBox


hey thanks. I'll have to try that.

Well you guys have been very helpful. I think I was able to use ettercap and ARP cache poison him. However, I used the poison one-way feature. Please correct me if I'm wrong but did that stop his traffic? I haven't gotten a chance to see if it actually worked yet. I am sorry I don't know all this stuff yet...I'm learning and you are all very helpful.

I wish I had come by here earlier...because it's time to come back home! woot :-)

I liked all your ideas...I think I'll test them back home in a controlled environment and see which ones I liked the best.

Could you link some of your resources to these techniques? That would be very helpful.

-MawwBox

Great.

Ettercap is a great piece of software. If you haven't discovered it yet, ettercap has a plugin called "isolate", which makes the user direct its traffic to its own computer.

"ettercap -T -q -i eth0 -P isolate /192.168.2.15/ // "

NOTE: This will not work the second you press enter on your computer. The ARP cache needs to be clean for this to work. The ARP cache will clean itself automatically after a while though.
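
An added example from the defending side, not written by any poster in this thread: a check a host can run on its own neighbour table to spot the symptoms of the ARP cache poisoning and "isolate" behaviour discussed above. It assumes Linux `ip neigh show` output and a previously saved known-good table; the MAC addresses and every IP except 192.168.2.15 are constructed sample values.

```python
import re
from collections import defaultdict

# Matches resolved `ip neigh show` lines; FAILED/INCOMPLETE entries carry no lladdr.
NEIGH = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neigh(text):
    """Return {ip: mac} from `ip neigh show` output."""
    table = {}
    for line in text.splitlines():
        m = NEIGH.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def audit(before, after, own_mac, gateway_ip):
    """Compare a known-good neighbour table with the current one."""
    own_mac, findings = own_mac.lower(), []
    # Isolation symptom: other hosts' IPs resolve to this machine's own MAC.
    selfmapped = sorted(ip for ip, mac in after.items() if mac == own_mac)
    if selfmapped:
        findings.append(("self-mac", selfmapped))
    # Poisoning symptom: the gateway's MAC differs from the baseline.
    old, new = before.get(gateway_ip), after.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway-mac-changed", [old, new]))
    # Interception symptom: one foreign MAC answers for several IPs.
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        if mac != own_mac:
            by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", [mac] + sorted(ips)))
    return findings

# Constructed samples, as seen from 192.168.2.15 (own MAC 02:00:00:00:00:15).
BASELINE = parse_neigh("""\
192.168.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.2.20 dev eth0 lladdr 02:00:00:00:00:20 STALE
""")
ISOLATED = parse_neigh("""\
192.168.2.1 dev eth0 lladdr 02:00:00:00:00:15 REACHABLE
192.168.2.20 dev eth0 lladdr 02:00:00:00:00:15 STALE
192.168.2.40 dev eth0  FAILED
""")
INTERCEPTED = parse_neigh("""\
192.168.2.1 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.168.2.20 dev eth0 lladdr 02:00:00:00:00:20 STALE
192.168.2.66 dev eth0 lladdr 02:00:00:00:00:66 STALE
""")
```

A "shared-mac" finding can also come from legitimate proxy ARP, so treat it as a prompt to look at the switch port or DHCP lease for that MAC rather than as proof.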


I understand your problem, before I had blazing fast internet, my brother would use bit torrent and slow everyone down. The way I see it, you will need to put something between your users and the satellite modem. It will be the easiest solution.

With that said, buy a linksys router and enable QOS. If you really want to get your feet wet, install Tomato firmware. It's the perfect solution for you and it's free.

You can do bandwidth QOS/Limiting using this firmware. It's excellent. Check it out: http://www.polarcloud.com/tomato

All else fails, you can fire him.


experiencing the same situation here.

but what i'm using up to now is netcut 2.0, which is a freeware. u can google it.

winarpattacker, also a freeware, is out there. u can try if you want.

if you wanna check out whether u actually cut him or not, u can use wildpackets omnipeek or colasoft capsa.

google them if you want. omnipeek 5.1.4 is cracked these days. look for it.

both omnipeek and capsa can show what protocol a computer on a lan is using and how much bandwidth it is using.

u can use omnipeek peer map view or any other view that you prefer.

n i think u can also print out the bandwidth usage as an evidence.

basically, i use omnipeek and netcut pair.

i am on a home network with about other 20 people.

it was lightning fast before.

recently, the speed was down and 404 error every time i want to go to a site, even google.

so i run omnipeek and found that,

an ip address was using bittorrent protocol.

p2p ports were blocked before in our network with the old router.

somehow the landlord changed his router and must have left the p2p ports opened.

so i just cut that machine running torrent (identified by the ip address found out from omnipeek) with netcut,

works like charm. hope this helps.

just try. (dunno much about network stuff, i'm just a software user, if i'm wrong about anything, my bad)

ettercap might also work. but somehow i can't run ettercap on my box. so have to stick with netcut.

better luck for you.


Just punch the kid in the face. Maybe if you do it hard enough, he'll stop breaking network rules.

But seriously, this is the network admin's prerogative. If he doesn't give a fuck that this guy is torrenting, you shouldn't either. He could easily stop him without resorting to anything malicious, and so if he does care he's a shitty admin.


Well have a blog post about how to do this right here. At least that is one way to do it. Tried it on a friend and it worked like a charm, and is pretty simple, command line should be just about the same in the windows command-line version, but haven't tried though.
