1

How can I defend against an ongoing arp poisoning attack on a network that I am connected to?

Matias K
  • 113
  • 3
  • If it's ongoing and you know the source of the attack, can't you just block the computer on the switch level? Or maybe disable the port on the switch. – Ricardo Reimao Feb 08 '17 at 09:38
  • @RicardoReimao could you please tell me how to do that? Also, to whoever marked my question as a duplicate, the other question is about how to stop the attack as the network admin, not a person connected to the network – Matias K Feb 09 '17 at 04:33
  • To stop it, you need to have privileges such as network admin. This is a dupe. – Rory Alsop Feb 09 '17 at 07:25
  • @RoryAlsop Not according to Mr.lock who answered my question – Matias K Feb 10 '17 at 03:33

1 Answers1

0

That is possible by defining static ARP entries for local IP's you are connected with, on Windows machine you could define static ARP entry using netsh .

EX: netsh interface ipv4 add neighbors "Local Area Connection" 10.1.1.1 12-34-56-78-9a-bc

Mr.lock
  • 345
  • 5
  • 14
  • Could you please explain what IP and MAC i put in (when i am doing this). I don't know much about networking. – Matias K Feb 09 '17 at 04:35
  • The most imortant one is the IP of your gateway, for example if your default gateway is 192.168.1.1 it is more secure to get its MAC address from the router itself and use the values which you get to the static arp command – Mr.lock Feb 09 '17 at 04:48
  • Okay. So the IP is 192.168.1.1 and MAC is the one on the router. How do I remove the entry if i need to? – Matias K Feb 10 '17 at 03:35
  • You could try to flush the cache for the specific interface. (Run the Command Prompt as administrator) Example: netsh interface ipv4 delete neighbors “Local Area Connection” – Mr.lock Feb 10 '17 at 05:53