no wayyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy yy throw isa
u should use lunis and squid or cisco switch with appling v lan's
هل في حل لمشكلة netcutمن علي السيرفر
هل فى حل لمشكله ال netcut من على السيرفر؟؟
--------------------------------------------------------------------------------
السلام عليكم ورحمه الله وبركاته
فى مشكله اكيد كلنا بنقابلها مشكله برنامج ال netcut
المهم ادخل فى المشكله انا عامل سيرفر 2003 وعامل عليه ISA server 2004 بس فى مشكه فى الشبكه فى ناس كتير بتستخدم ال netcut على الشبكه وكمان برنامج ال switsh Sniffer والبرامج الى بتقطع الاتصال بال gateway
انا عارف ان فى برنامج ال Anti netcut ممكن ينزل عند الناس
بس احنا عايزين نفكر فى حل للمشكله دى من خلال السيرفر ومن خلال ال ISA
انا بحاول اقفل بورتات البرامج دى بس لسه باعمل بحث عليها ياريت لو حد عنده فكره او اى معلومه يفيدنا فى حل المشكله دى
وتانى عشان ماحدش ينسى انا نفسى نلاقى حل للمشكله من خلال السيرفر نفسه ومن خلال ال ISA بحيث مثلا نعمل rule او نقفل بورتات البرامج دى
ارجو تكون وضحت المشكله
والموضوع كان مطروح سابقا من احد الاعضاء و لكن لم يتوصل الي حله احد
lolo:
no wayyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy yy throw isa
u should use lunis and squid or cisco switch with appling v lan's
اشكرك اخي kimoz2002 علي مرورك
ولكن ممكن نفكر مع بعض في اي طريقة اخري غير نظام لينكس
و ياريت توضح ازاي ممكن نمنعه من علي السويتش
و السؤال مازال مطروحا لخبراء ISA
lolo:
حبيبي انت على سيرفر
يعني انسى البرامج دي نهائي
مسمعتش عن ال IPSec ولا ايه؟
نعم اخي اعرف IPsecالمشاركة الأصلية كتبت بواسطة __eRa__
بس ياريت توضح كيف يمكن منع هذه البرامج عن طريق IPSec و لك الشكر
علما باني علي سيرفر و لكن هناك من يستخدم برامج مثل netcut , swichsniffe
اخواني خبراء ISA مازال السؤال مطروحا
بس ياريت الاجابة تكون بشرح كافي
تحياتي للجميع
lolo:
كل ما عليك هو عمل تفعيل للسيكيوريتي الخاص بالIPsec بحيث يكون هناك تشفير إجباري للاتصال بين كل كلاينت وبين السيرفر
كذلك يمكنك استخدام برامج مثل AntiArp وهو سهل وبسيط وفعال أيضا
from switch u must have cisco switch in order to put every client in own vlan .....
but it's an expensive solution
3ala fekra ipsec mab7lesh moshklet el arp spoofing
IPSec was built with defense against Denial of Service attacks in mind. However, IKE still has some known vulnerabilities to DoS attacks – scour the web for references and you will see. Basically, flooding the computer with IKE exchange initiations will fill up the IKE state table, and consume CPU cycles and memory space. While established connections will remain connected, new connections will be prevented. This is not specific to the Microsoft IPSec implementation, but a natural shortcoming of the IPSec architecture.
Lower layer attacks are still possible. ARP cache poisoning and other layer 2 attacks still take place before IPSec even wakes up. This is not specific to the Microsoft IPSec implementation, but a natural shortcoming of the IPSec architecture.
Upper layer attacks have been the focus of widespread mayhem in the recent past. While IPSec will protect who can talk to who, and encryption of the communication, it cannot protect a buggy application that is vulnerable to a buffer overflow. So, if your DMZ web server is using IPSec to secure communications with the backend SQL database, an allowed web surfer can still use SQL query poisoning to exploit the SQL server. See the CNET article Sequel to SQL oversights by Chris Prosise and Saumil Shah for more details.
The only method of completely preventing ARP spoofing is the use of static, non-changing ARP entries (each entry maps a MAC address to corresponding IP address). However, this is not practical on a large network, due to the large overhead of keeping ARP tables up to date. Therefore another method, such as DHCP snooping, can be utilised on larger networks. Via DHCP, the network device keeps a record of the MAC addresses that are connected to each port, so it can readily detect if a spoofed ARP has been received. This method is implemented on networking equipment by vendors such as Cisco, Extreme Networks and Allied Telesis.
Detection is another avenue for defending against ARP spoofing. Arpwatch is a Unix program which listens for ARP replies on a network, and sends a notification via email when an ARP entry changes. Under Windows the GUI-driven software XArp v2 is available. It performs ARP packet inspection on a per network interface basis with configurable inspection filters and active verification modules.
Checking for the existence of MAC address cloning may also provide a clue as to the presence of ARP spoofing, though there are legitimate uses of MAC address cloning. Reverse ARP (RARP) is a protocol used to query the a MAC address for its associated IP address(es). If more than one IP address is returned, MAC cloning is present.
know the standard things to do (like static ARP entries and so on),
what I want to know from you is something like:
-OS x has a patch y which helps preventing ARP spoofing (like antidote)
or
-OS x in version y has a small built in ARP prevention (like SunOS)
or
-Firewall/IDS x is able to prevent/detect ARP spoofing
Also welcome are new thoughts about ARP spoofing prevention (like S-ARP
or Secure Link Layer).
Give me all your information, tricks and tips, so I can build up a
complete resource.
Using IPv6, IPsec or static ARP records can be effective methods of defence
against ARP spoofing attacks.
end quote..
https://en.wikipedia.org/wiki/ARP_spoofing
ضوابط المشاركة
المفضلات