How can I stop an ARP attack on my LAN?
-
Hello. I had a great problem yesterday on my network (35 PCs). It's an Internet cafe.
The problem was that suddenly a few of my PCs were losing their connection to the network one by one. First I thought it was a LAN virus. But it wasn't like that. I have NOD32 antivirus and DeepFreeze on all of my workstations. And I tried to scan all of my infected PCs with NOD32, and then I also restarted my infected PCs, but still I couldn't browse the net and couldn't communicate with my router (pfSense). During that time I thought maybe my LAN cable or network switch was causing the problem. But when I used this cable with my laptop I could easily connect to my router and use the net. So it wasn't my cable or switch problem.
Then I thought maybe it is an ARP problem. When I restarted all 35 of my workstations, including my server and also my pfSense box, everything went fine. So please, please tell me how I can stop this kind of attack. It will be a great help if someone can help me.
I will wait for a kind response. Thank you.
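A small detector for the symptom described in this post, added here as an example that is not part of the original thread: it parses two pasted ARP tables (Windows `arp -a` on a workstation, or `arp -an` on the pfSense box) and flags the two classic signs of ARP poisoning, the gateway's MAC address changing between snapshots and one MAC answering for several IPs. The snapshots below are constructed sample data in Windows `arp -a` form; the MAC and IP values are made up.

```python
import re
from collections import defaultdict

# Matches one entry from Windows `arp -a` ("  192.168.1.1   00-08-a2-aa-bb-01   dynamic")
# and from FreeBSD/pfSense `arp -an` ("? (192.168.1.1) at 00:08:a2:aa:bb:01 on em1 ...").
ARP_ENTRY = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"(?P<mac>(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac} from a pasted ARP table; MACs are normalised to lowercase
    colon form and the broadcast entry (ff:ff:ff:ff:ff:ff) is ignored."""
    table = {}
    for line in text.splitlines():
        m = ARP_ENTRY.search(line)
        if not m:
            continue
        mac = m.group("mac").lower().replace("-", ":")
        if mac == "ff:ff:ff:ff:ff:ff":
            continue
        table[m.group("ip")] = mac
    return table


def mac_changes(baseline, current, watched=None):
    """IPs whose MAC differs between two snapshots, as (ip, old_mac, new_mac).
    If `watched` is given, only those IPs (for example the gateway) are compared."""
    ips = watched if watched is not None else baseline.keys()
    return [(ip, baseline[ip], current[ip])
            for ip in ips
            if ip in baseline and ip in current and baseline[ip] != current[ip]]


def mac_collisions(table):
    """MACs that claim more than one IP inside a single snapshot: {mac: [ip, ...]}."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def audit(baseline_text, current_text, gateway_ip):
    """Human-readable alerts for the two symptoms that point at ARP spoofing."""
    baseline = parse_arp_table(baseline_text)
    current = parse_arp_table(current_text)
    alerts = []
    for ip, old, new in mac_changes(baseline, current, watched=[gateway_ip]):
        alerts.append(f"gateway {ip} moved from {old} to {new}")
    for mac, ips in mac_collisions(current).items():
        alerts.append(f"{mac} answers for several IPs: {', '.join(ips)}")
    return alerts


# Constructed sample snapshots (Windows `arp -a` layout, made-up addresses): a healthy
# baseline taken from a workstation, and a later one in which the host with MAC
# ...:11 is answering for the gateway 192.168.1.1.
BASELINE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-08-a2-aa-bb-01     dynamic
  192.168.1.11          00-0c-29-aa-bb-11     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
SUSPECT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-11     dynamic
  192.168.1.11          00-0c-29-aa-bb-11     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

if __name__ == "__main__":
    for alert in audit(BASELINE, SUSPECT, "192.168.1.1"):
        print("ALERT:", alert)
```

Because the poisoning targets the clients' ARP caches, run the comparison on a workstation (save a known-good `arp -a` while the network is healthy, then compare during an outage); the pfSense box's own table can be pinned for static-IP clients with the "Enable Static ARP entries" option under its DHCP server settings, but that protects the firewall's cache only, not the clients'.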
-
http://en.wikipedia.org/wiki/ARP_spoofing
-
Thank you for your kind response. Yes, I read that article and am trying to find a good solution. Also I bought the pfSense book 3 days ago for better understanding. It would be better if someone could explain how I can stop this through pfSense. I will wait for a kind response. Thank you.
I don't want to lose the pfSense benefits. It's an awesome product. Actually we are using 13 pfSense boxes in 13 different cybercafes, and those were running like a charm, until that incident happened.
So please help us. Thank you.
-
Disable your DHCP and run with fixed IPs. That will help a little.
-
The problem here isn't going to be solved with pfSense. Configure port security on your switches.
-
But my switches are not managed switches; all are unmanaged switches. So do I need to replace those?
-
Yes, and set the port security to 1 static IP.
-
If you legitimately feel that ARP spoofing attacks are that large of a threat to your network, then yes, that would be the solution. Another solution would be to ensure that no one on your network is able to install software or attain privileges enough to mount that kind of attack. Both would be the best solution.
-
Thanks a lot, both of you. I think I should replace the switch and then follow the instructions as you said. This is a cybercafe, so I cannot stop them from installing software, and many times they use many different software. So I think it's better I change the switch. Thanks a lot again. I love this forum a lot. God bless all.
-
What do you mean you cannot keep them from installing software? That's EXACTLY what you should be doing. Those are your computers. Have all your computers authenticate against AD and use GPOs to limit user rights. Every cybercafe I've been to does this.
-
… Unless they allow users to bring their own laptop and connect it to their network.
In such a case I would set up two networks: one with stationary computers, locked down so no one can do anything, and a managed switch with every port in its own VLAN for mobile computers.
-
Very kind thanks, both of you, for the nice suggestions. Yes, I understand I have all the rights. But the problem is many times I saw some people like to use many different software (converters, chatting software, small games etc.) which are not harmful to my network. So on that point, if they don't have permission, then it makes it more difficult for me (losing customers and being called too much). Believe me, the areas where my cybercafes are located are very busy, and those customers are also very, very rusty (don't know computers well) at operating them. They do almost everything.
Only for that reason I have to give them permission. But still I have to protect my network as much as possible.
Yes, first I thought I might use VLANs, but the problem is slowness. I had one thread about VLANs here a long time ago for my cybercafe.
Honestly, before, I had many problems with those cybercafes only because of bad routers and configuration. But when I started to use pfSense and this forum, I fell into heaven, I swear.
Recently I bought the pfSense book and am trying to understand everything so that I can keep my network as safe as possible.
Thank you once again, both of you. I will follow your suggestions. Thank you and God bless all.
-
I'm operating a cybercafe as well (and was a consultant in this for nearly a decade) and I can safely say this:
1) You need to have some form of software security
2) You need to observe your customers' needs and install the software they need
On point 1, there is no such thing as giving users full rights over the system (even when I experimented with disk-image-based management systems which reset on reboot, access to system settings was locked down).
If they need admin rights for installing software then you need to have some form of lockdown on the critical aspects of the system.
In Windows, you can use registry hacks to:
1) Disable right clicking on the desktop (no changing of graphics settings, wallpaper etc)
2) Disable taskbar icons (no disabling of antivirus, changing of network settings)
3) Disable right-clicks on Start Menu (no adding/ removing shortcuts)
4) Disable Command Prompt (No access to what you need to secure via the command line)
5) Disable Batch/ CMD files, VBscripts or Registry Files (choose one of the latter 2 since you need either to unlock the secured system for maintenance; I recommend disabling Registry files since it's far harder to find and download a VBscript to unlock system policies)
6) Disable drive access and Windows Explorer (all downloaded files will hit the desktop since that is the one folder you cannot deny access to)
Couple this with removing the shortcuts to Control Panel and Network settings in the Start Menu and the user won't be able to muck around with changing the Network Adapter settings, for a start.
In such an environment, run DeepFreeze or Windows SteadyState to reset the software installations upon a reboot.
On the second point, if you start to learn what your customers need and install it, then you need not give them access rights.
I have helped set up and manage cybercafes with more than 100 applications and games per PC simply because a lockdown was required.
It takes time to update and patch these, but trust me, you'll lose more money and man-hours if anything screws up because of a user messing around with the system.
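The numbered registry lockdown in the post above, written out as an added example that is not the poster's own script: it maps each point to the per-user policy value Windows uses for that setting, renders a `.reg` file you can review, and applies the same values through `winreg` when run on Windows. Following the post's advice, cmd.exe, batch files and `.reg` imports are disabled while Windows Script Host is left enabled so a VBScript can still unlock the machine for maintenance. The assumed layout is a separate customer account that receives these HKCU values (run it once while logged in as that account) and an untouched admin account; apply it with DeepFreeze thawed or the values vanish on the next reboot.

```python
"""Render and apply the per-user kiosk lockdown from the post as registry policy values."""
import sys

HKCU = "HKEY_CURRENT_USER"
EXPLORER = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SYSTEM_POL = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
CMD_POL = r"Software\Policies\Microsoft\Windows\System"
ALL_DRIVES = 0x03FFFFFF  # bitmask covering drive letters A..Z

# (subkey under HKCU, value name, DWORD data); comments refer to the post's numbered points.
LOCKDOWN = [
    (EXPLORER, "NoViewContextMenu", 1),        # 1) no right-click menu on desktop / Explorer
    (EXPLORER, "NoTrayContextMenu", 1),        # 2) no right-click menu on the taskbar and tray
    (EXPLORER, "NoChangeStartMenu", 1),        # 3) no drag-and-drop / context menus on Start Menu
    (CMD_POL, "DisableCMD", 1),                # 4)+5) no cmd.exe and no .bat/.cmd processing
    (SYSTEM_POL, "DisableRegistryTools", 2),   # 5) no regedit, including silent .reg import (/s)
    (EXPLORER, "NoDrives", ALL_DRIVES),        # 6) hide all drives in Explorer
    (EXPLORER, "NoViewOnDrive", ALL_DRIVES),   # 6) block opening them, even by typed path
    (EXPLORER, "NoControlPanel", 1),           # remove Control Panel access
    (EXPLORER, "NoNetworkConnections", 1),     # remove Network Connections from the Start Menu
]


def render_reg(entries=LOCKDOWN):
    """Build the text of a .reg file (CRLF line endings, one section per key)."""
    by_key = {}
    for subkey, name, data in entries:
        by_key.setdefault(subkey, []).append((name, data))
    lines = ["Windows Registry Editor Version 5.00", ""]
    for subkey, values in by_key.items():
        lines.append(f"[{HKCU}\\{subkey}]")
        for name, data in values:
            lines.append(f'"{name}"=dword:{data:08x}')
        lines.append("")
    return "\r\n".join(lines)


def apply_lockdown(entries=LOCKDOWN):
    """Write the values into the current user's hive; only possible on Windows."""
    if sys.platform != "win32":
        raise RuntimeError("apply_lockdown needs Windows (winreg)")
    import winreg
    for subkey, name, data in entries:
        with winreg.CreateKeyEx(winreg.HKEY_CURRENT_USER, subkey, 0,
                                winreg.KEY_SET_VALUE) as key:
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, data)


if __name__ == "__main__":
    # Review the rendered file first; apply only when run as the customer account.
    print(render_reg())
    if sys.platform == "win32" and "--apply" in sys.argv:
        apply_lockdown()
```

`DisableRegistryTools` is set to 2 rather than 1 because 1 still permits a silent `regedit /s` import, which would let a downloaded `.reg` file undo the rest; the maintenance VBScript is unaffected since `WScript.Shell.RegWrite` does not go through regedit. Keep the policy values out of the admin account's hive so you can always log in to change them.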