I wonder how many of you tried netCut after reading yesterday’s article? Don’t you find it kind of hard to believe that netCut has been available for so long yet so many computers is affected by this attack just because of the standard of ARP. Attacking computers with netCut seemed to be fun for script kiddies but the person who got cut is no fun at all.
If you felt that your Internet connection that is shared on network being cut off when others is working fine, then here is how you can determine whether if someone is really poisoning your ARP cache. Other than that, if you’re connected to a public wi-fi, you should protect your computer against these attacks. Even when you think you are on a paid wifi which seems to be safer, you’re wrong because someone could cut off your Internet and then spoof their computer as your computer to get free internet on a paid wifi.
I did some research on how to protect against netCut and here are a few working ones. Not all can protect against netCut, for example Anti Netcut by tools4free and StopCut. Both of these anti netcut tools doesn’t work and annoying as well because every once in a while, an advertisement window will popup. In fact I even got a warning from Comodo Firewall that Anti Netcut is trying to secretly connect to a FTP server. In the Arcai’s netcut Software 2.0, there is a checkbox “Protected My Computer” which supposedly to protect your computer against Arcai’s netcut Software but it didn’t work on my Windows XP SP3 computer.
A working third party software that can intercept ARP spoofing/ARP attacks/ARP poisoning, intercept IP Address conflict, prevent Dos attack, safety mode, ARP flow analysis, protect ARP cache, active defense, locate attacker and ARP virus cleaner is AntiARP.
There are 2 version of AntiARP which is the Personal Edition and the Server Edition. Unfortunately both versions are shareware. The Personal edition can only work on desktop operating system such as Windows 2000, XP and Vista. If you want to use it on Windows server based OS, then you have to go for the Server edition which cost more. It can automatically block netCut’s attack and also let you know who is the attacker.
So far I found out that the free Comodo Firewall is able to protect your computer against ARP poisoning but you have to enable it as it is disabled by default. Click on Firewall at the top bar and then click Advanced button at the left pane. Go to Attack Detection Settings and check “Protect the ARP Cache”.
As for Kaspersky Internet Security 2010 users, sorry to let you know that it doesn’t block netCut attacks.