You may have been attacked by someone on your LAN by redirecting or spoofing your connections to his own machine and watch all your packets including http and even https connections and voice calls, What if no one can see you on the LAN even to start attack against you , let’s hide our Linux machines …
To stop attacks that based on mac address poisoning, we have to hide our mac address , that could be achieved using a mac filtering software called arptables.
01. Installing arptables :
On RPM based like centOS , Red hat ,Fedora :
yum -y install arptables
On DEBIAN based like Debian , Ubuntu :
apt-get -y install arptables
02. Using arptables:
arptables is so similar to iptables for firewall but not for IP and ports , arptables is like a firewall for filtering mac addresses.
To Hide or isolate our machine we have to prevent any mac address from connecting to our machine EXCEPT the Gateway mac address ( we need it to be able to go online ).
To DROP all packets firstly :
arptables -P INPUT DROP
Then we have to allow our gateway (in my case my gateway IP is 192.168.1.1 which has mac of 08:7A:4C:C7:88:90 ) , use your own Gateway IP and mac address .
arptables -A INPUT -s 192.168.1.1 --source-mac 08:7A:4C:C7:88:90 -j ACCEPT
Now no one else could reach your Linux machine except Gateway , try to ping or use port scanner against your machine , as it is not alive host !!
To get your gateway mac address you may use any network scanner like nmap or use command arp
root@localhost ~# arp Address HWtype HWaddress Flags Mask Iface 192.168.1.1 ether 08:7a:4c:c7:88:90 C eth0
arptables rules are not persistent by default, use arptables-save and arptables-restore for easier save and restore your rules from a file to avoid repeating commands.
For Example: save rules to file called arptables then restore rules from it.
arptables-save alone will only show current rules
arptables-save arptables-save > arptables arptables-restore < arptables
For more details about arptables please read help and manual pages :
arptables --help man arptables
That is it , i hope it was simple , thanks for joining me in this tutorial .