My "action" today

Viewing 1 reply thread
  • Author
    • #5515

      Last week we had a problem with web browsing. Since I made static ARP entry on few machines I knew that it is the same symptom like someone doing ARP poisoning. I started wireshark which showed massive activity on destination port 137 from one internal IP adress (machine).

      So for the weekend I made my computer vulnerable for ARP attack and set up XARP on it. Today when I was working, XARP started with continious alarm. I opened wireshark to locate IP address (it was the same as last week). Then I started NMAP to identify computer brand and OS. Firstly I was sure, someone started C&A. So I went to the office where this computer was in use. It wasn’t C&A; computer from a young girl obviously has a lot of malware. I made netstat -an but didn’t go checking IPs. Later I want to deliberately get ARP attack with this computer, but it didn’t show up. Only massive knocking on 137/138. I will make fresh install of OS at that computer.

      So this is it. Have you been in situation were someone used C&A and you detected it?

    • #34815

      I’ve used it on my home network. Brothers started complaining about lag and stuff, was kinda funny 😛  Also tried it in the CISCO labs at college once but no one noticed it.

Viewing 1 reply thread
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?