IP conflict because of hacker.

Kevinnn · Joined: 10 Sep 2007 Posts: 2 Location: USA

Hello;

We are using a 10.x.x.x network; Our FS machine is 10.0.0.1; which is also the DHCP of our network; the problem we are presenting is that there is somebody putting his/her computer IP exactly as our FS server and this make the whole network to crash; we have try to look for his MAC; we have tried everything but every time this guy wants to finish our network thats it for us. If somebody could please give us a hand in here.
_________________
I want to solve the issue

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

You need to use Ethereal to hunt down his MAC. After that you can use your AP or v5 Black List feature (under Client Filter) to block his MAC.
_________________
~ Patronsoft Limited ~

Kevinnn · Joined: 10 Sep 2007 Posts: 2 Location: USA

Alan we have tried to look for that MAC like crazy; but this hacker knows how to hide the MAC; the MAC never shows up, we tried the ethereal program and many others. Something that firstspot can do about it.
_________________
I want to solve the issue

danielillu · Joined: 08 Dec 2005 Posts: 32 Location: Barcelona, Spain

When you detect the cracker, you should isolate your firstspot from network and your network sector by sector until you know in which sector he is, isolating him slowly. Then, put in that sector a controlled computer. If everything goes right, you should be almost alone with the cracker, and he be your gateway (10.0.0.1). When trying to resolve your gateway, his machine should reply you an ARP with his MAC.

Then, put a filter on the node to ban or DROP all his traffic. He won't reach your gateway (until he change MAC).
Or change your MAC policy to Drop everything, accept what I know, that's is, drop all MACs except the ones you know who are.

I can't figure out any other method to ban this kind of behaviours. Maybe, playing his game with netcut and trying to stole his session, but I never tried it, so I can't help.