5

I was wondering, can I force Windows to use a static gateway defined by both the IP and the MAC address, to prevent ARP spoofing (e.g. NetCut)?

So even if I have been spoofed, Windows will ignore the new ARP response and communicate only with the router (192.168.1.1 + MAC address).

I know I can set static default gateway IP, but I need to set the gateway MAC address as well.

I'm using Windows 10 and Ubuntu 16.04 by the way.

Grant Miller
Shahm

2 Answers

0

Yes, you can do this. However, naive ARP spoofing results in the client machine getting multiple ARP replies (one from the original gateway and one from your software). This can be detected on its side, so first check whether Windows already has some protection against it.

Note: this protection can help against ARP spoofing, but still doesn't protect against ARP cloning. I.e. a compromised system can clone the ARP of the gateway and thus it can "motivate" the switch to redirect its traffic to it.

However, modern switches have sophisticated protection against attacks such as this.

peterh
0

OK guys, after some research and some help from friends, I found an answer for Windows:

P.S. Use CMD to execute the commands below.

First: show the current ARP table:

arp -a

You will get a list of entries with the following information: IP, MAC, and type (static/dynamic).

I'm using a home router whose IP is 192.168.1.1 by default; you may have a different address, so check with your router first.

You will notice that the connection type to the router is dynamic.

Second: now we need to know the wireless connection interface name:

netsh interface show interface

You will get a list of interfaces (LAN, Wi-Fi, VPN connections, etc.). My wireless connection interface name is "Wi-Fi"; you might get something like "Wireless Network Connection", so just note it somewhere.

Third: now we assign the MAC and IP which we obtained in step one to the interface name which we obtained in step two:

netsh interface ip add neighbors "Wi-Fi" "192.168.1.1" "xx-xx-xx-5a-26-94"

To check whether the assignment has worked, execute arp -a; you should see that the connection type of the router IP is now static.

The changes are preserved even if you restart, but when you connect to a different wireless network you will have connection issues, because we told Windows that the IP 192.168.1.1 should always have the MAC we assigned. While that is true for the network you assigned the IP and MAC for, it is not true for a different network (which uses a different router). So, to restore the connection type back to dynamic, we need to remove that assignment, as follows:

netsh interface ip delete neighbors "Wi-Fi"

Will update later for Ubuntu systems.

Shahm
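
The arp -a verification from the third step can be scripted. The following is an added example, not code from the answer: it parses English-language `arp -a` output, confirms that the gateway entry is static and carries the expected MAC, and flags any other IP that shares the gateway's MAC. The function names, the sample table and the MAC addresses are constructed for illustration.

```python
import re
import subprocess

# One data row of English-language Windows `arp -a` output: IP, MAC, type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(static|dynamic)\s*$", re.I)

def parse_arp(text):
    """Return [(ip, mac, type), ...] in lower case, skipping header lines."""
    matches = (ROW.match(line) for line in text.splitlines())
    return [tuple(g.lower() for g in m.groups()) for m in matches if m]

def check_gateway(text, gateway_ip, expected_mac):
    """Return a list of findings; an empty list means the pin is in place."""
    rows = parse_arp(text)
    expected_mac = expected_mac.lower()
    gw = [r for r in rows if r[0] == gateway_ip]
    findings = [] if gw else ["gateway has no ARP entry"]
    for _, mac, kind in gw:
        if mac != expected_mac:
            findings.append(f"gateway resolves to {mac}, expected {expected_mac}")
        if kind != "static":
            findings.append("gateway entry is dynamic, ARP replies can overwrite it")
    # Another IP answering with the gateway's current MAC is the usual trace
    # of a host on the LAN impersonating the gateway.
    gw_macs = {mac for _, mac, _ in gw}
    for ip, mac, _ in rows:
        if ip != gateway_ip and mac in gw_macs:
            findings.append(f"{ip} shares the gateway's MAC {mac}")
    return findings

# Constructed sample output (addresses and MACs are made up for the example).
TEMPLATE = """Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           {mac}     {kind}
  192.168.1.40          02-00-00-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
SAMPLE_PINNED = TEMPLATE.format(mac="02-00-00-5a-26-94", kind="static")
SAMPLE_POISONED = TEMPLATE.format(mac="02-00-00-aa-bb-cc", kind="dynamic")

if __name__ == "__main__":
    # The live check uses the constructed MAC; substitute your router's own.
    live = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    for label, text in (("pinned", SAMPLE_PINNED), ("poisoned", SAMPLE_POISONED),
                        ("live", live)):
        print(label, check_gateway(text, "192.168.1.1", "02-00-00-5a-26-94") or "OK")
```
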