Wednesday, April 13, 2011

ARP Poisoning

This will be one of a few posts here relating to the presentation I made at the Montana Library Association conference in Billings recently. I told the attendees I would present further details about how to do some of the procedures I discussed, so here is the first one.

One of the most important things a small library should do is to create an environment where the public PCs, the staff PCs, and the hotspot cannot see each other. This is because staff PCs are usually used by people who try not to get infected. Public PCs, alas, are not. It is wise to assume that your public PCs are infected by the end of the day. Hopefully, you are using a product like Deep Freeze so that the public PCs will be uninfected again when they reboot.

There are a variety of ways to accomplish this separation between staff and public PCs, and many of them are expensive. This is the poor person's technique for disabling communication between staff PCs and public PCs. It is called ARP poisoning, and it works by lying to your PC about which hardware address belongs to the machines it should not talk to.

In order for this to work, you must manually assign IP addresses to your PCs. They need to have an IP address that remains constant and DHCP will not do that.

Let's say you have two staff PCs with the following IP addresses:
192.168.1.21
192.168.1.22

And you have two public PCs with the following IP addresses:
192.168.1.55
192.168.1.56

Create a batch file with the following name: "staffARP.bat"

It should have the following two lines in it.
ARP -s 192.168.1.55 00-00-00-00-00-00
ARP -s 192.168.1.56 00-00-00-00-00-00

Then create another batch file called "publicARP.bat". It should have the following two lines.
ARP -s 192.168.1.21 00-00-00-00-00-00
ARP -s 192.168.1.22 00-00-00-00-00-00

Now each of the batch files gets put into the respective startup folder of each PC. That is to say, the staffARP.bat file gets put into the startup folder on a staff PC and the publicARP.bat file gets put into the startup folder on a public PC.

Then reboot one staff PC and one public PC and ping one from the other. The ping should fail, indicating that the two cannot communicate.

In your environment, add a line in the batch file for each PC to which you want to block access. Note that the string after the IP address is a bunch of zeros and dashes, not the letter O and dashes. Note also that the IP addresses above are just samples. Naturally, you would use your own IP addresses.
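Here is an added example (not the post's own batch files) that generalizes the procedure above: given the two lists of addresses, it produces the contents of staffARP.bat and publicARP.bat, each blocking the other group's addresses, and it also gives you a check to go with the ping test. The check parses the output of Windows "arp -a" and reports any address whose block is not actually in place. The function names and the sample "arp -a" text are constructed for this illustration.

```python
"""Generate the per-group ARP-blocking batch files described in the post and
check a Windows ``arp -a`` listing for the expected entries.

Added example; not the original post's batch files. The function names and
the sample ``arp -a`` text below are constructed for illustration.
"""
import re

NULL_MAC = "00-00-00-00-00-00"   # a MAC no host owns, so frames to it go nowhere

# Sample addresses from the post: each group blocks the *other* group's addresses.
STAFF_PCS = ["192.168.1.21", "192.168.1.22"]
PUBLIC_PCS = ["192.168.1.55", "192.168.1.56"]


def build_arp_batch(blocked_ips):
    """Return the text of a batch file with one ``ARP -s`` line per blocked IP.

    ``arp -s`` installs a static ARP entry; pointing the peer's IP at the
    all-zero MAC means this PC never sends it a deliverable frame.
    """
    lines = [f"ARP -s {ip} {NULL_MAC}" for ip in blocked_ips]
    return "\r\n".join(lines) + "\r\n"      # CRLF line endings for cmd.exe


def build_batch_files(staff_ips, public_ips):
    """Map batch-file name -> content for both groups.

    staffARP.bat (run on staff PCs) blocks the public addresses and
    publicARP.bat (run on public PCs) blocks the staff addresses, so the
    block holds in both directions once each PC has run its own file.
    """
    return {
        "staffARP.bat": build_arp_batch(public_ips),
        "publicARP.bat": build_arp_batch(staff_ips),
    }


# One row of ``arp -a`` output: "  192.168.1.55    00-00-00-00-00-00   static"
_ARP_ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F-]{17})\s+(\w+)\s*$")


def parse_arp_table(arp_a_output):
    """Parse the text of ``arp -a`` into {ip: (mac, type)}."""
    table = {}
    for line in arp_a_output.splitlines():
        m = _ARP_ROW.match(line)
        if m:
            ip, mac, entry_type = m.groups()
            table[ip] = (mac.lower(), entry_type.lower())
    return table


def check_blocks(arp_a_output, blocked_ips):
    """Return the IPs whose block is NOT in effect on this PC.

    A block is in effect only when the IP has a *static* entry with the
    null MAC. A missing entry (the batch file did not run, or ran without
    administrator rights) or a dynamic entry (a real MAC was learned) means
    the two PCs can still talk.
    """
    table = parse_arp_table(arp_a_output)
    return [ip for ip in blocked_ips if table.get(ip) != (NULL_MAC, "static")]


# Constructed ``arp -a`` output as it might look on a staff PC where only one
# of the two public PCs was blocked correctly.
SAMPLE_ARP_A = """\
Interface: 192.168.1.21 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.55          00-00-00-00-00-00     static
  192.168.1.56          00-11-22-33-44-66     dynamic
"""

if __name__ == "__main__":
    for name, content in build_batch_files(STAFF_PCS, PUBLIC_PCS).items():
        print(f"--- {name} ---")
        print(content, end="")
    print("not blocked:", check_blocks(SAMPLE_ARP_A, PUBLIC_PCS))
```

Three things the check is there to catch. First, "arp -s" needs an administrator account (an elevated prompt on Vista and later), so a batch file that runs under a limited user silently adds nothing; the address then shows up as missing or dynamic. Second, static entries do not survive a reboot, which is exactly why the post puts the batch file in the startup folder; run the check after a reboot, not just after creating the file. Third, each PC only controls its own outbound side, so a staff PC with a clean table is still reachable from a public PC that has not run its own file; both files have to be in place before the ping test means anything.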

There ya go, the poor person's blocking between staff and public PCs.

Next week I'll make a few comments about Deep Freeze. It is the product that, IMHO, is the most cost-effective money a library can spend to keep its PCs running.
