Technique to passively take down a host on the network [closed]

I am developing a program which is to be installed on a “simple” machine in a LAN; the only particularity is that the NICs are connected to mirror ports.
The software can scan and monitor the network. What I am looking for is a technique to take down a host on this network.

When I discover a new host on the network, I want to “block” it until I authorize it, but the machine is neither a firewall nor a real Network Access Controller (NAC), so I can only use passive methods.

I have tried ARP cache poisoning to associate a fake MAC with the real gateway IP in the target host's ARP cache, but there are two major issues:

  • The victim can manually set the ARP cache entry of the gateway as static.
  • The victim can still communicate with the other LAN hosts.

So I tried another method: poisoning the ARP cache of every host on the network except the victim’s. I send a broadcast ARP request (works better than a reply) with the IP of the victim and a fake MAC. But there is still one issue:

  • When the victim tries to communicate with another LAN host, it sends an ARP request which puts the valid MAC and IP association in the other hosts' ARP caches.
  • The victim can also manually send ARP requests or replies to overwrite the fake MAC in the hosts' ARP caches.

For these reasons, I wonder if there is a better method to accomplish such a thing.

