Netcut Wi-Fi

BimoZX · 2010-06-24 04:07:57

At campus I've been having these problem with the hotspot, cause someone keeps cutting the connection with netcut.

Did anyone ever have the same problem, and come up with the solution?

If possible the solution is without typing the IP Address everytime.

tomk · 2010-06-24 05:54:45

BimoZX wrote:

someone keeps cutting the connection with netcut.

Arch is an impressive distro, but it's not capable of controlling the actions of others (yet... ). Ask for help from your local network administrators.

BimoZX · 2010-06-24 07:46:50

I thought there is a solution like ARP Spoofing to prevent your network from being cut from host?

tomk · 2010-06-24 09:11:32

My point is if someone is screwing around with your connection, the best solution is to get them to stop.

ngoonee · 2010-06-24 11:48:07

And considering the person who's doing it probably administrates the network, you're basically trying to bypass your university's networking policy.

Stebalien · 2010-06-24 16:42:15

@ngoonee: It could also just be an annoying student. An administrator would probably filter the connections at the router (MAC filtering).

@op: AFAIK netcut uses arp -> see arptables

BimoZX · 2010-06-24 19:08:02

If I knew the person, I would probably do just that.

@Stebalien: can you explain in more details?

Last edited by BimoZX (2010-06-24 19:10:36)

Stebalien · 2010-06-24 19:32:20

You can try blocking arp requests from everyone but the router (see the examples section of the arptables manual). I know nothing about netcut so I can't give you any more details.

Edit:
To do the following, you MUST get the permission of your network's admin.
To find the person, fire up wireshark, wait to be disconnected, and look at the source (mac address) of the offending packets. Then reconnect, fire up wireshark again, filter your packets by this mac address, and wait for the owner of the laptop to send identifiable information unencrypted. You can also look up their mac address, find its make/model, and find a matching laptop.

Last edited by Stebalien (2010-06-24 19:37:49)

BimoZX · 2010-06-24 21:25:33

Never mind, I seem to find a solution here
http://ubuntuforums.org/showthread.php?t=370250

Thank you for all of your help

hunterthomson · 2010-06-25 05:19:48

Hum, this is cool I never herd of netcut before.

You know Tuxcut is in the AUR. I just installed it and it has an option built in to protect your arp cash. A few other tools where installed that look like fun to learn too such as arptables and arpscan... Which I guess are the real tools being used.

You could install it and then watch wireshark. See who is giving you problems and then DOS them

It poisons the arp cash and tells everyone that the Victim's IP is at the Attacker's MAC address
(which is kind of stupid. I'll change that code... It would be better to map there IP to the GW MAC so all their traffic to the GW just gets looped back to the localhost)

So, if you watch wireshark you will see someone broadcasting arp packets saying your IP is mapped to there MAC. Then you can just attack them. If it is a Wireless network your best bet would be to use Airdrop-ng. That lets you write a config file to send 802.11 deauth packets to specific MAC addresses.

In short, Archlinux can control what other people can do. An impressive OS indeed.

Last edited by hunterthomson (2010-06-25 11:12:59)

BimoZX · 2010-06-26 20:27:51

Thanks for the info, I didn't know tuxcut have an option to protect you from ARP attacks.

Control what other people can do is a little much for me, being able to protect my laptop is enough for me.

hunterthomson · 2010-06-28 03:21:46

BimoZX wrote:

Thanks for the info, I didn't know tuxcut have an option to protect you from ARP attacks.
Control what other people can do is a little much for me, being able to protect my laptop is enough for me.

Right on, ya you just check that box and then it will protect your ARP cache. It even has a nice little system try icon. However, being able to DeAuth people that are causing other people problems seems fair to me.

BUT, if it is an unencrypted network.... he could still see all the packets and still send out ARP broadcasts to the open network and still know everyones MAC and still cause problems.... However, DeAuth'ing him would make it harder for him, because the tools that make that kind of thing Point-n-Click expect you to be connected to the network. such as ettercap.

Owe also, if your going to be using public WiFi or Unencrypted WiFi. Make sure to at least tunnel all your traffic through SSH to a computer at home. Better yet, setup OpenVPN on a dedicated home computer/server then connect to that when ever you use Wireless..... Better still... set up that OpenVPN server and have that in-between your cable modem and your Linksys router. Then have the only way to get to the Internet is to connect to your Linksys -> then login to the VPN -> Then have Internet connection. So like have it set up like this and connect to the VPN even when your at a HotSpot or something.

Wireless-AP--Linksys -> OpenVPN -> Firewall -> cable modem

This setup could be next to Free. Just get a super old computer, put a couple Ethernet NIC's in it and make it your VPN...........

Hum, maybe also install OpenRADIUS or Free RADIUS on it for authentication to the Wireless WPA2. You could feel free to buy more NIC's and then set-up all the servers on the one Box and use QEMU-KVM to setup Virtual Servers.

Last edited by hunterthomson (2010-06-28 03:45:12)

BimoZX · 2010-06-28 19:15:04

You lost me there, it's a little too much on me now. I'm just glad that I know some facts that could protect my future Wifi Networks, and how-to DeAuth someone.

Just hoping that it doesn't happen too me

Thanks a lot for the information it seems to be something very useful to me in the near future.

hunterthomson · 2010-06-29 03:29:46

Ya, I tend to soapbox on forums...

BimoZX · 2010-07-03 19:13:21

But it's very much welcomed.

R00KIE · 2010-07-04 17:59:49

Beware because you are sailing murky waters.

Forcing some offender to disconnect, although morally ok, is most probably against the policies instated by your university's network department, and its is prone to be abused by you to disconnect anyone you don't like, which most certainly will get you into trouble.

hunterthomson · 2010-07-05 00:53:50

Ya, that is another good reason to kick with Airdrop-ng by sending DeAuth packets that don't have any identifying information in them. Keep macchanger in mind too.

Also, a more costly but easier way to secure your traffic is to pay for an offshore VPN account. Will not help you with getting kicked but it will help you a little with getting your accounts cracked. Also it will help a lot with MITM and airpwn attacks.
http://myvpnreviews.com/all-vpn-provider/

Last edited by hunterthomson (2010-07-15 03:01:16)

BimoZX · 2010-07-09 09:08:35

What I want to do, is actually protecting myself, not really interested in disconnecting people. It is just nice to know how to do it.

Arch Linux

#1 2010-06-24 04:07:57

Netcut Wi-Fi

#2 2010-06-24 05:54:45

Re: Netcut Wi-Fi

#3 2010-06-24 07:46:50

Re: Netcut Wi-Fi

#4 2010-06-24 09:11:32

Re: Netcut Wi-Fi

#5 2010-06-24 11:48:07

Re: Netcut Wi-Fi

#6 2010-06-24 16:42:15

Re: Netcut Wi-Fi

#7 2010-06-24 19:08:02

Re: Netcut Wi-Fi

#8 2010-06-24 19:32:20

Re: Netcut Wi-Fi

#9 2010-06-24 21:25:33

Re: Netcut Wi-Fi

#10 2010-06-25 05:19:48

Re: Netcut Wi-Fi

#11 2010-06-26 20:27:51

Re: Netcut Wi-Fi

#12 2010-06-28 03:21:46

Re: Netcut Wi-Fi

#13 2010-06-28 19:15:04

Re: Netcut Wi-Fi

#14 2010-06-29 03:29:46

Re: Netcut Wi-Fi

#15 2010-07-03 19:13:21

Re: Netcut Wi-Fi

#16 2010-07-04 17:59:49

Re: Netcut Wi-Fi

#17 2010-07-05 00:53:50

Re: Netcut Wi-Fi

#18 2010-07-09 09:08:35

Re: Netcut Wi-Fi

Board footer