LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-10-2008, 11:40 AM   #1
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Rep: Reputation: 17
arp issue


Greetings to All,

I'm running a network with 800 users.I'm facing strange problem on my network that my gateway ip conflict when I trace that client and block him its start from an other client and I found that client does not use that ip its sort of arp attack or such virus.I use this command arping -b 10.x.x.x -I eth1 ,where 10.x.x.x my gateway ip and eth1 is internal network interface. it start reply uni cast with that client mac and gatewayip although that client was not doing any such activity.does any one have any idea regarding this issue ,is it a virus or what.Looking forward for your kind response.

Regards
Net_Spy
 
Old 01-11-2008, 09:12 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
How about capturing packets with tcpdump and running it through Wireshark and Snort for a quick check?

* Just a small nit but proper punctuation and well-formed phrasing does enhance readability. From your other threads I know your language skills are better than this. TIA.
 
Old 01-12-2008, 03:19 AM   #3
OTIM
Member
 
Registered: Nov 2007
Posts: 37

Rep: Reputation: 15
hi

yes this is a virus, a friend of mine had had the same problem but i am not sure how he solved it. ( actually he told me he made a script for this)
You could try tcpdump as unSpawn suggested, on a few computers and put the relevant output here; perhaps some of the more skilled people here can help you out; meanwhile update all your windows clients and tell them to use firewalls (i'm not sure if it helps but its a good start)

adaylater: try using arpwatch

Last edited by OTIM; 01-13-2008 at 03:29 AM.
 
Old 01-15-2008, 12:12 AM   #4
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Thanks for your kind respose guys.

well if it is a virus so precuation for that to avoid it.OTIM could you provide me that script so I could check that out.looking forward for your kind response.

Regards
Net_Spy
 
Old 01-15-2008, 04:21 AM   #5
OTIM
Member
 
Registered: Nov 2007
Posts: 37

Rep: Reputation: 15
yes i would but it will take some time o talk to my friend...but try using arpwatch, with it you should see which pc is infected, and you can disconnect it for clean up ( i mean until you find a better solution)
 
Old 01-17-2008, 02:08 AM   #6
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Thanks..

well this is not a perfect solution.well im waiting for that script.looking forward for your kind response.
Regards
Net_spt
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange ARP behavior : A linux server responds to all ARP requests Hdvd21 Linux - Networking 4 10-24-2013 05:02 AM
arp issue dinisco Linux - Networking 0 04-03-2007 11:41 AM
Disabling ARP probes after receiving an ARP request AltecLansingMan Linux - Networking 1 03-30-2004 01:25 PM
Arp Melissa22 Linux - Networking 1 03-16-2004 03:21 AM
How to create an proxyarp entry in arp table by using arp command? himalayas Linux - Networking 0 06-04-2003 04:14 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration