X3N Posted December 8, 2008
get a linux live cd and when he's not looking boot up his computer and open a terminal and type rm -rf /

Ingo Posted December 8, 2008
I think he does not have physical access to "Mark's" computer, otherwise there would be a lot of things he could do.

aeturnus Posted December 8, 2008
> Blacklisting is the correct way to stop unwanted behavior. Whitelisting is when you assume the users are evil little buggers from the get go. If you blacklist the major trackers plus keep an eye on new ones that are being used you significantly reduce the chance of his torrent client working. If his client supports DHT that would be a bit more difficult to stop entirely but you can certainly cripple it with even a retarded firewall.
Did that even make sense in your head? You want him to try to document all the trackers this guy's going to be using and hope he's not using DHT? Who doesn't use Azureus with encrypted transport? (DHT + no packet signature by default). Blacklisting is not the answer for this. The elegant solution allows him to have the greatest control over the other guy's network speeds, not hoping that the other guy isn't as good as the vast majority of users on the Internet.

Sparda Posted December 8, 2008
There is one more 'attack' that has been overlooked (but I still say hardware firewall ftw). You could try and set up your own DHCP server that exclusively targets him. I'd guess that the 'real' DHCP server is closer to the target in the network layout so you just have to hope that it's slow.

ZeroBeat Posted December 8, 2008
I agree with aeturnus, the only way to go without having to obtain physical access to the equipment, would be to use something like arp-poisoning, and filter the traffic through something like a firewall, or any other solution that can block ports, maybe, just limit him to a list of ports, for normal, not-heavy applications like messenger and web... I know some of my friends did it for my entire school network, blocking everything except port 80 (Did not go very well, since their sappy laptop was not enough to handle it, so the internet speed dropped to like 1%). DoS is not a very good solution, since it would normally require something like a zombie-network? might be a bit extreme, to do jail time, just to kick someone off the web? And I'm not sure about what is meant by physical firewall, cause in my ears it sounds like you mean like a small commercial firewall server? that would require he actually was administrating the web. But well if it meant like an old box, set up to constantly arp-poison + filter traffic, then yeah.

aeturnus Posted December 9, 2008
> There is one more 'attack' that has been overlooked (but I still say hardware firewall ftw). You could try and set up your own DHCP server that exclusively targets him. I'd guess that the 'real' DHCP server is closer to the target in the network layout so you just have to hope that it's slow.
Glad you finally agree with me Sparda, that getting in between the rogue user's connection and the gateway is the way to go.

Mat Posted December 9, 2008
The problem is that you want to deal with an abuse of the network, by abusing the network; that's just going to fail. If the guy is not following the known rules, then fire him. I'm making the guess that this is an employment situation, the fix is to get rid of him. If that is simply not an option then you will need to install kit that's capable of managing the staff more effectively, as has already been mentioned. I suggest a smoothwall installed on an old computer, that should do nicely.

aeturnus Posted December 9, 2008
> The problem is that you want to deal with an abuse of the network, by abusing the network...
Is that really a problem?

Mat Posted December 10, 2008
> Is that really a problem?
I guess that depends on your perspective. To me, yes it's a problem. There are far better ways to deal with this than blackhat techniques.

aeturnus Posted December 10, 2008
> I guess that depends on your perspective. To me, yes it's a problem. There are far better ways to deal with this than blackhat techniques.
From this guy's scenario it doesn't sound like he's got a lot of options. The person in power to disable or throttle the rogue user's connection won't act. When the system lets you down, sometimes you have to take matters into your own hands. Did you have a better solution for when there is an absence of a system to remove users like this and you are prevented from modifying the network layout?

*5H4D0W* Posted December 10, 2008
mawwbox i have the very thing you are looking for. we used this in our computer class to fck with someone who wouldn't shut up. lol idk how your systems are set up, idk if everyone has their own pc or if you have workstations. or if this is an office environment or if the computers are in your dorms or wat. but assuming it's workstations in an office then you're golden. what you're gonna do is when this person isn't around gain access to the machine he typically uses and install this program on it.
poweroff download
it's called poweroff and it's a work of art. it runs in the background and you can log into it over a lan and do things such as shut off monitors, turn off the computer, lock the computer, log the user off and much more. it should only take a few times of this before he gives up and thinks there's something wrong with his pc. if everyone has their own personal pc, or the pc's are in dorms or the like, then it becomes a little tougher. message me and i'll give you a brief walkthrough if that is the case. cuz this is getting pretty long.

MawwBox (Author) Posted December 13, 2008
> if everyone has their own personal pc, or the pc's are in dorms or the like, then it becomes a little tougher. message me and i'll give you a brief walkthrough if that is the case. cuz this is getting pretty long.
hey thanks. I'll have to try that. Well you guys have been very helpful. I think I was able to use ettercap and ARP cache poison him. However, I used the poison one-way feature. Please correct me if I'm wrong but did that stop his traffic? I haven't gotten a chance to see if it actually worked yet. I am sorry I don't know all this stuff yet... I'm learning and you are all very helpful. I wish I had come by here earlier... because it's time to come back home! woot :-) I liked all your ideas... I think I'll test them back home in a controlled environment and see which ones I liked the best. Could you link some of your resources to these techniques? That would be very helpful.
-MawwBox

gEEEk Posted December 13, 2008
> hey thanks. I'll have to try that. Well you guys have been very helpful. I think I was able to use ettercap and ARP cache poison him. However, I used the poison one-way feature. Please correct me if I'm wrong but did that stop his traffic? I haven't gotten a chance to see if it actually worked yet. I am sorry I don't know all this stuff yet... I'm learning and you are all very helpful. I wish I had come by here earlier... because it's time to come back home! woot :-) I liked all your ideas... I think I'll test them back home in a controlled environment and see which ones I liked the best. Could you link some of your resources to these techniques? That would be very helpful.
> -MawwBox
Great. Ettercap is a great piece of software. If you haven't discovered it yet, ettercap has a plugin called "isolate", which makes the user direct its traffic to its own computer.
"ettercap -T -q -i eth0 -P isolate /192.168.2.15/ // "
NOTE: This will not work the second you press enter on your computer. The ARP cache needs to be clean for this to work. The ARP cache will clean itself automatically after a while though.

c0der3d Posted December 16, 2008
I understand your problem, before I had blazing fast internet, my brother would use bit torrent and slow everyone down. The way I see it, you will need to put something between your users and the satellite modem. It will be the easiest solution. With that said, buy a linksys router and enable QOS. If you really want to get your feet wet, install Tomato firmware. It's the perfect solution for you and it's free. You can do bandwidth QOS/Limiting using this firmware. It's excellent. Check it out: http://www.polarcloud.com/tomato
All else fails, you can fire him.

khromoxome Posted December 18, 2008
experiencing the same situation here. but what i m using up to now is netcut 2.0, which is a freeware. u can google it. winarpattacker, also a freeware, is out there. u can try if you want. if you wanna check out whether u actually cut him or not, u can use wildpackets omnipeek or colasoft capsa. google them if you want. omnipeek 5.1.4 is cracked these days. look for it. both omnipeek and capsa can show what protocol a computer on a lan is using and how much bandwidth it is using. u can use omnipeek peer map view or any other view that you prefer. n i think u can also print out the bandwidth usage as an evidence. basically, i use omnipeek and netcut pair. i am on a home network with about other 20 people. it was lightning fast before. recently, the speed was down and 404 error every time i want to go to a site, even google. so i run omnipeek and found that an ip address was using bittorrent protocol. p2p ports were blocked before in our network with the old router. somehow the landlord changed his router and must have left the p2p ports opened. so i just cut that machine running torrent (identified by the ip address found out from omnipeek) with netcut, works like charm. hope this helps. just try. (dunno much about network stuff, i m just a software user, if i m wrong about anything, my bad) ettercap might also work. but somehow i can't run ettercap on my box. so have to stick with netcut. better luck for you.

pants123 Posted December 18, 2008
Just punch the kid in the face. Maybe if you do it hard enough, he'll stop breaking network rules. But seriously, this is the network admin's prerogative. If he doesn't give a fuck that this guy is torrenting, you shouldn't either. He could easily stop him without resorting to anything malicious, and so if he does care he's a shitty admin.

ZeroBeat Posted December 24, 2008
Well have a blog post about how to do this right here. At least that is one way to do it. Tried it on a friend and it worked like a charm, and is pretty simple, command line should be just about the same in the windows command-line version, but haven't tried though.