How do I kick an IP/MAC address from a network with BackTrack 4?
Asked by XOIIO (18328), October 4th, 2011
There is someone using our network, without permission, or I was not made aware of this. How do I kick the IP address, or MAC address from the network temporarily, such as until they restart the computer? In BackTrack 4 r2 of course.
8 Answers
Can’t really answer this question without more information about your network, but basically you need to set netfilter to drop all packets going to / coming from the unauthorized host on the gateway machine. For example, my little firewall box sits between my wireless router and my wired network. It can (and does) block hosts that attach to my wireless net from sending packets to the wired network, but it can’t do anything to interdict the wireless net (because the wireless is “upstream” of it).
The netfilter userspace interface is called iptables. iptables is very complicated and can be a pain to use. There’s a more streamlined program you can use to do basic firewall configuration called ufw, and a GUI for ufw called gufw. iptables is built in, you don’t need to install it. ufw and gufw should be available from BackTrack’s repository. Note that gufw does not offer the option to block by MAC addresses.
Or you could just ping-flood them, I guess…
@koanhead true, but I was thinking more along the lines of a man in the middle attack, where you route all network through the computer like with SSL sniffing, and somehow block an IP address.
If you are legitimately the administrator of this network then of course it’s up to you how you protect it, but I’d advise against that sort of thing. If you aren’t the administrator of the network (you call it “our” network, so it’s not clear to me if you are or not) then I strongly advise against it. There are certainly a number of attack vectors available, but a) such a MITM would be a lot less effective than filtering at the gateway; and b) you could easily bring down the whole network for everyone if you make a mistake.
How did this person get on your network, anyway?
My mother pays for the internet, but I control basically everything with the router, and I have all the passwords and everything. I have brought down the whole network, but that’s normal with what I was doing and was only temporary XD
So someone is using your wireless without permission, is that what’s going on?
Are you using encryption? A lot of people just assume that any unencrypted wifi network is public on purpose. WEP can be cracked by any half-assed script kiddy in a few minutes, but if this person can crack WPA2 you might not want to mess with them…
Probably you already know this, but most routers have the ability to filter by MAC address built-in. Unfortunately the MAC address stays the same when the computer reboots, so that’s not quite what you wanted. You could probably boot them off by releasing their DHCP lease if the router supports it, but that would only work until they or their network manager software ran dhclient again. Does your router run the stock firmware, or something like OpenWRT (or is it the router running BackTrack)? That pretty radically affects the options available.
Also, it’s pretty easy to spoof a MAC address (hell, even I can do it) so that might only boot them temporarily anyway.
@koanhead Ahh, so spoofing the MAC address does boot the old one off the network?
Well, if you clone a MAC address to another interface on the same network then you can get packet collisions because ARP will fail. It might or might not cause enough interference to make either interface unusable, I haven’t tried it. What I meant by spoofing the MAC was that if you booted his MAC off your network he could just make his interface advertise a different MAC. This is pretty easy to do using iproute2 or ifconfig and the filter would have no way to tell the difference.
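The gateway-side filtering recommended in the answers above, as an added example that is not part of the original thread: a dry-run script that validates a MAC/IP pair and prints the iptables rules an administrator would apply on the gateway. The function names and the sample MAC and IP are constructed for illustration, and the script assumes the gateway really sits between the unwanted host and the rest of the network.

```shell
#!/bin/sh
# Dry run: prints the iptables commands instead of executing them, so the
# rules can be reviewed before being applied as root on the gateway.

# Accept only six colon-separated hex octets (exactly 17 characters).
valid_mac() {
    [ "${#1}" -eq 17 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the rules that drop traffic from and to one host.
block_rules() {
    mac=$1 ip=$2
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 2; }
    valid_ipv4 "$ip" || { echo "bad IPv4: $ip" >&2; return 2; }
    # The mac match only sees the source address of frames that arrive at
    # the gateway, so it is usable in INPUT and FORWARD, not OUTPUT.
    echo "iptables -I INPUT -m mac --mac-source $mac -j DROP"
    echo "iptables -I FORWARD -m mac --mac-source $mac -j DROP"
    # Packets headed back to the host cannot be matched by MAC; use its IP.
    echo "iptables -I FORWARD -d $ip -j DROP"
}

# Print the matching delete commands, to lift the block again.
unblock_rules() {
    rules=$(block_rules "$@") || return
    printf '%s\n' "$rules" | sed 's/ -I / -D /'
}

# Constructed sample host, not taken from the thread.
block_rules 00:11:22:33:44:55 192.168.1.77
```

Rules inserted this way live only in the running kernel and disappear when the gateway reboots unless they are saved. As the last answer points out, the MAC rules stop matching as soon as the host advertises a different MAC.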