Windows 10 Help in preventing ARP poisoning

Harlock21

New Member
Joined
Mar 7, 2022
Messages
4
Hi all,
It seems that I am ARP spoofed.
Recently I have installed the XARP application which is able to detect only ARP poisoning; thanks to it I had the proof that I am victim of such attacks.
It seems that my Linux system is not affected by this fraudolent practice while my Windows firewall can not filter non legit / poisoned ARP traffic.
Is there any way to configure the Windows firewall with well constructed incoming traffic rules in order to filter the poisoning traffic?
Thank you.
 
Solution
Unfortunately ARP poisoning can be done without being connected to the network which the host is connected to.
My WIFI network is MFP protected and it will take eons to brick the password as it is encrypted.
Even if the intent of the ARP spoofing is to force a disconnection like the deauth procedure to sniff the connection handshake packets the password is encrypted and the work will be useless.
The problem is that the default Windows firewall rules are too weak, just as usual if compared to the Linux counterpart.
What I am asking is to create a Windows firewall rule which will block ARP spoofing generated with the same mac address that I have.
Sort by date Sort by votes
ARP cache poisoning only works on a local network and any device would be susceptible to that type of attack. If someone is connected to your network and is poisoning your ARP cache you have bigger problems
 
Upvote 0 Downvote
Unfortunately ARP poisoning can be done without being connected to the network which the host is connected to.
My WIFI network is MFP protected and it will take eons to brick the password as it is encrypted.
Even if the intent of the ARP spoofing is to force a disconnection like the deauth procedure to sniff the connection handshake packets the password is encrypted and the work will be useless.
The problem is that the default Windows firewall rules are too weak, just as usual if compared to the Linux counterpart.
What I am asking is to create a Windows firewall rule which will block ARP spoofing generated with the same mac address that I have.
 
Upvote 0 Downvote
Solution
you could build a custom endian firewall into an old router and put that between your Windows system and the big bad internet... that gives you total control but takes a bit more than a basic understandiing to set up
 
Upvote 0 Downvote
ussnorway said:
you could build a custom endian firewall into an old router and put that between your Windows system and the big bad internet... that gives you total control but takes a bit more than a basic understandiing to set up
Click to expand...
Hi thanks,
For now I am using xarp pro for both Windows and Linux and it seems to work good enough.
Yep the solution as you have suggested is a good way to go with but it requires a dedicated host for ddos filtering and tracking.
As far as I have understood xarp tries to understand if the ARP traffic sender/ exchanger is a legit one by actively polling back it (and all the senders that appear in the air traffic for wifi connections) - this way the "first" ARP traffic is then buffered until the polling rules are not validated.
Two years ago I had to buy a Cisco AP and change all my wifi network cards to be able to use the MFP security protocol, today I need to use dedicated daemon tools to prevent ddos/spoofing on the air traffic. Air traffic sucks
 
Last edited:
Upvote 0 Downvote
ARP only works locally so no it can't be done remotely and only impacts local assets arp operates on layer 2
 
Upvote 0 Downvote
Neemobeer said:
ARP only works locally so no it can't be done remotely and only impacts local assets arp operates on layer 2
Click to expand...
A wifi network has no physical boundaries as the packets are sent via radio waves, this means that a wifi network can not be closed in any way and an attacker can inject arp packets at his own wish by even simulating the identity of the attacked host. Do you want to see my xarp log or my Wireshark one? For me the topic is closed.
 
Upvote 0 Downvote
They still have to be connected to your network. A lan is a logical separation of devices via subnet mask. A lan is not nessicarily geographically localized.
 
Last edited:
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

TA17-132A: Indicators Associated With WannaCry Ransomware
Replies
0
Views
774
News
TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
Replies
0
Views
2K
News
D
  • Solved
Windows 7 Detect ARP poisoning(ARP spoofing) & ARP flooding
Replies
2
Views
14K
Microsoft Addict
M