Jump to content

Wifi Mitm/arp Poisoning

gandaran

By gandaran
in Questions

 Share

Recommended Posts

gandaran Newbie

gandaran

Posted
  • Author
Posted

Highly unlikely, but you would notice a big difference in lag when browsing. Also if the computer doing the attack goes out of range, you wont have internet period until you clear your arp cache on your PC and router.

thanks

I posted the question cause yesterday happened something I have never seen before on this computer, I could browse the internet but could not scroll the page with the mouse or use scroll bar, there was a lot of scroll lagging on any web broswer, I don't know what caused it but came to my mind my computer was under attack! anyway I rebooted and the problem was gone.

by the way how do I clear the arp cache on th PC and router, (Ubuntu 10.10, chromium, opera and firefox)

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

thanks

I posted the question cause yesterday happened something I have never seen before on this computer, I could browse the internet but could not scroll the page with the mouse or use scroll bar, there was a lot of scroll lagging on any web broswer, I don't know what caused it but came to my mind my computer was under attack! anyway I rebooted and the problem was gone.

by the way how do I clear the arp cache on th PC and router, (Ubuntu 10.10, chromium, opera and firefox)

Arp has nothing to do with a browsers functionality with scrolling. Its merely a way for another person to peek at all your traffic. They could however control what pages you see and even serve you fake versions of sites you tried to visit, such as gmail, banks, etc. but the scrolling issue I think might have just been a bug on the page you were on or the pc itself. Rebooting fixed it, so hard to say if it was an actual attack or not.

Look up the arp command from a terminal or the man pages for more info, but if you are paranoid, you can set static entries for your router/gateway so no one can arp poison you.

Under windows its "arp -s xx:xx:xx:xx:xx:xx" where xx is the mac address you want to add. I don't have linux open at the moment, so I don't know the exact command, but its similar. Disabling and re-enabling the nic resets this under windows, but not sure under linux. Do delete your arp cache in windows, type "arp -d *" and then do an "arp -a" to list your arp table. Again, linux commands are similar but I don't have it in front of me a the moment, and I'm too lazy to google it for you...

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

Under windows its "arp -s xx:xx:xx:xx:xx:xx" where xx is the mac address you want to add. I don't have linux open at the moment, so I don't know the exact command, but its similar. Disabling and re-enabling the nic resets this under windows, but not sure under linux. Do delete your arp cache in windows, type "arp -d *" and then do an "arp -a" to list your arp table. Again, linux commands are similar but I don't have it in front of me a the moment, and I'm too lazy to google it for you...

Don't you worry my friend, got your back covered.

http://linux.about.com/library/cmd/blcmdl8_arp.htm

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted (edited)

I want to make a note here, if you are trying arp -s commands under a 64-bit Windows 7 (and possibly Vista, but haven't tested this) you can't do arp -s to add static entries.

Even when doing a "run as administrator" for the cmd prompt, you need to use 

"netsh interface ipv4 add neighbors "Local Area Connection" x.x.x.x xx-xx-xx-xx-xx-xx

instead, where x.x.x.x is the IP of your gateway or device you want to add and xx-xx-xx-xx-xx-xx is the mac address of the device. "Local Area Connection" is the name of the adapter in use, and this can vary depending on how many NICs you have in use and what they are named.

What you can do is throw that command string into a bat script, and then right click it and select "run as administrator". The nice thing about this, is that evne when disabling and re-enabling the NIC, it seems to save the static entry, unlike the old way through arp -s, which seems to clear when disabling and re-enabling the NIC.

Edited by digip
Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

There are tools like ArpWatch or ArpON that can alert you if you gateway ip address changes. if it changes, chances are someone is arp poisoning the network.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...