(help) I need to protect my Server from NetCut

MeroMarko · Nov 3, 2010, 11:28 AM

Please Ineed to Hide PFsense Default GateWay and Clints IP's

Cry Havok · Nov 3, 2010, 12:56 PM

From what and where? Are you referring to the ARP mapping tool called NetCut from Arcai? Are you trying to stop people on your LAN from mapping the LAN?

MeroMarko · Nov 3, 2010, 1:48 PM

Yes
and i want to show virtual gateway in client connection
Like this

Cry Havok · Nov 3, 2010, 5:14 PM

With the exception of when you're using PPPoE your gateway must be on the same subnet. That means that you can't allocated 10.0.0.1 as the gateway for 192.168.1.x/255.255.255.0.

It might help if you were to explain more about your configuration, why you're referring to 10.0.0.1 as a "virtual gateway" and what you're trying to achieve.

MeroMarko · Nov 6, 2010, 4:03 PM

i use captive portal and squid (proxy server) and squidguard (proxy Filter) only.
Do not use pppoe yet

Cry Havok · Nov 6, 2010, 5:12 PM

I'll say it again - if you tell us what you're trying to achieve we may be able to help you do that.

MeroMarko · Nov 8, 2010, 7:44 AM

Okay , I want to protect every user and server gateway from NetCut.

Cry Havok · Nov 8, 2010, 12:32 PM

Please, read up on how ARP works and what it's for.

I'm still curious what danger you think NetCut poses and why you're so worried about it. Have you already ensured that every system is kept fully up to date with all updates, patches and AV signatures? Have you already limited user privileges and are you controlling what applications they can run and their use of removable media? Are you already ensuring that no unauthorized devices can be connected to your network? Have you done background checks on your staff since it's clear you don't trust them?

To limit this you'd have to use a VLAN capable switch with each switch port on a separate VLAN (and optionally locked down to a single MAC address). Then each device will only be able to directly communicate with the gateway.

serangku · Nov 13, 2010, 4:10 AM

@ Cry Havok …

wired environment is quite simply to protect
its not like dangerous to much, just annoying ...
how about on wireless/hotspot environment ?
its cause cut other from accesing internet ... really annoying
some understand how to protect self, how about just general user ?
i think that @MeroMarko achieve want ...

is there some firewall or anything direct from pfsense to protect it ?

and meanwhile i also used xarp app to watch something arp attack
get the mac attack, ban on pfsense

still looking simple way on dhcp environment
its like :
automatic to make static gateway iclude mapping client every time client get dhcp

Cry Havok · Nov 13, 2010, 11:07 AM

@serangku you're confusing the issue - MeroMarko is talking about using ARP to map what machines are on the network. You're talking (from what I can tell) about ARP spoofing. Those are 2 very different things.

serangku · Nov 13, 2010, 1:40 PM

im sorry if make confusing the issue …
i just read the subject : (help) I need to protect my server from NetCut

MeroMarko, you get advantage or disadvantage from NetCut app ?
or maybe, if some one on your network use NetCut app, you get advantage or disadvantage ?