|
-
July 30th, 2005, 05:55 PM
#1
Junior Member
someone screwing with ARP
hi all!
My software firewall has been recently notifying me:
Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.
Packet data is shown in the right window.
If any advanced programmers (assembly) would like to see the packet data let me know here and I can PM it to you. I would rather not post it in public being as it may contain IPs. However if you think you can decode it and tell me a little about it, it would be GREATLY appreciated. my network security skills are not what I would consider "newbie", but I posted this here as I could not find another forum to suit it (if there is, moderators feel free to move).
I am new to ARP. I have been doing some recent reading on the net about it and found that it is a weak spot as it requires no authentication. It is used as a classic man-in-the-middle attack, where an attacker can make your PC think that they are connecting to a trusted network (your ISP) when really you may also be connecting to another PC who could be sniffing packets travelling from your PC to the ISP's server. This can be used to reveal stuff like usernames and passwords travelling through the network.
My firewall clearly cannot stop this (even though I have "anti-IP spoofing" enabled, I am not sure if this applies to the same thing), and I am sure there are no firewalls capable of it. So I am just wondering. Is there any way to stop this? I have recently found that almost every time I turn on my modem (start a new PPPoE session) that my IP changes. I think this would help greatly. But what I am asking is there anyway that I can tell if someone is "mac spoofing" and stop it?
also another short question. I am trying to use netstat.exe to check for any unknown connections. I go to Start > Run and type "netstat.exe". The netstat window pops up and closes so fast that I can't read it. Is there any way that I can make the netstat window keep from closing so quick so that I can look over my current connections?
anyone who can please answer one or both of these questions it would be GREATLY appreciated.
thanks alot in advance! 
- ryan
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote