AntiNetCut v2

At last, I’m very happy to announce the release of the long-waited Anti NetCut version2.

Main Features:

  1. Works on Ubuntu/Fedora/RHEL..
  2. Written in Python so it’s easy to maintain and update.
  3. Automatic detection of almost everything (you might need to supply the interface name as illustrated below)
  4. Works perfectly with NetCut 2.8…

The usage instructions are too easy, just download and edit the antinetcut.py file (change “device=eth0″) to your interface name and run the script…


Notes

  • You must leave the script running in the background, stopping the script means that you might get attacked again.
  • After starting the script, it might take a few seconds before you get your connection back, so please be patient.

Anyone wants to join development, please see the official page http://code.google.com/p/antinetcut/

Download from here: Download Here

48 Comments »

  1. BooDy said,

    August 13, 2008 @ 2:46 am

    thanQ very much eng/ahmed

    i don’t really use anti-netcut … but i know this would be useful for me someday

    even this will encourage me studying Python :D

  2. M.M.F said,

    August 13, 2008 @ 3:32 am

    Thanks a lot eng / Ahmed
    i will download it now and try

  3. MeDo said,

    August 13, 2008 @ 4:44 am

    yeah ana kont me7tagoo geddan :) thnx alot

  4. bu3ny said,

    August 13, 2008 @ 6:49 am

    hi eng ahmed
    thanx very much for this .i’ve waited long for it since netcut is very bad on my network
    again thanx very much

  5. Ahmed Madkour said,

    August 13, 2008 @ 10:11 am

    I am reading the code now it seems interesting

  6. Mutati0N said,

    August 14, 2008 @ 4:47 am

    thnx alot Ahmed , and i hope it will be effective ISA

  7. m1hmoud said,

    August 15, 2008 @ 2:23 pm

    شكراً أخ أحمد
    أخيراً على أوبونتو

  8. m1hmoud said,

    August 15, 2008 @ 2:29 pm

    نسيت أسأل هل تجدى نفعاً مع arp spoofing
    أم هى للـ نت كت فقط

  9. ahmed ali said,

    August 15, 2008 @ 3:13 pm

    السلام عليكم

    بسم الله الرحمن الرحيم

    أنا مش عارف أشكرك ازاى بجد أنا فعلا كنت محتاجه على أبونتو
    جزاك الله خيرا وجعلك زخرا لللإسلام والمسلمين

  10. Ahmed S. Farghal said,

    August 15, 2008 @ 3:14 pm

    It should work with all types of arp poisoning, so please try and tell me…

  11. Abdelrahman Hamed el Gamal said,

    August 15, 2008 @ 8:50 pm

    Jazakom ALLAH 5yran ya bashmohandes A7med Soliman , Franchment vous êtes super dynamique, Je vous souhait une bonne continuation pour les prochains Versions d’ AntiNetCut

    S.A

  12. elahlawy said,

    August 15, 2008 @ 11:29 pm

    مجهووود جااامد جداااا يا باشمهندس احمد

    ربنا يكرمك ويجازيك خير دايما

    ربنا يوفقك

  13. روابط 3 « Technology is life style said,

    August 16, 2008 @ 3:23 am

    [...] AntiNetCut v2 « Topdown problem solving [...]

  14. Eslam Mahmoud said,

    August 16, 2008 @ 3:58 am

    first of all i wanna say thanx very very much for this

    but when i try it and i set the “gw” to my getway ip in line 8 ,i had an error in line 28 say “name ‘gwIP’ is not defined” i edit line 21 from “myIP=gw” to “gwIP=gw” and it work well now .

    but if “gw”=”" it work well .

    i don`t know it may be only me but that what happened :) ;

    again thanx ;

  15. m1hmoud said,

    August 17, 2008 @ 8:49 pm

    جربتها كما قلت ونفعت إذا كان ملك الراوتر لم يتغير ولكن النت يبطأ مش مشكلة المهم انه اشتغل وخلاص
    أما إذا تغير الماك فالإتصال لا يعود

  16. Ahmed S. Farghal said,

    August 17, 2008 @ 10:29 pm

    ya3ni eeh et3′ayar el mac?

  17. m1hmoud said,

    August 17, 2008 @ 10:45 pm

    يعنى عندما أقوم بتنفيذ الأمر (arp -a)
    يخبرنى ناتج الأمر بآي بى الراوتر والماك بتاعه +آى بى الآ بيعمل arp spoofing والماك بتاعه
    لو الماك بتاع الراوتر متغير عن الماك الأصلى لا يعود النت
    ولكن أظن أنى وجدت الحل لهذه المشكلة مع firestarter
    قلت “أظن” لست متأكد من هذا الأمر بعد

  18. links for 2008-08-19 « Free Open Source Directory said,

    August 20, 2008 @ 5:32 am

    [...] AntiNetCut v2 | AhmedSoliman.com At last, I’m very happy to announce the release of the long-waited Anti NetCut version2. Main Features: 1. Works on Ubuntu/Fedora/RHEL.. 2. Written in Python so it’s easy to maintain and update. 3. Automatic detection of almost everything (you might need to supply the interface name as illustrated below) 4. Works perfectly with NetCut 2.8… (tags: AntiNetCut v2) [...]

  19. MaRaGhEnOoO said,

    August 20, 2008 @ 3:58 pm

    bgad thanQ ya Ahmed basha 3ala el ANTINETCUT el faaazeee3 da , ana kont mat7ooon bgad fe el LAN beta3ty w kont bakteb (commands) manual kol marra ad5ol online w a5od ip el router w 7agat zay keda keteeer :$
    bs el 7amdu le ALLAH now I’ll NOT do this ANYMORE :D

    RABENA ye5alek lena ya gameeel :D

  20. amr said,

    August 23, 2008 @ 2:09 am

    ma3lesh ya gama3a , ana 3amalt download lel anti netcut , bas ana mesh 3aref asta7′demo khales , plz some one tell me how to use it plz , as iam writing this im afraid i will be disconnected any minute , plz help plzz

  21. Gamal said,

    August 24, 2008 @ 9:29 pm

    Extract the tar ball
    change directory to the extraction folder:

    cd /path/to/antinetcut
    In case you extracted it to desktop so it’ll be ..
    cd /home/yourusername/Desktop/antinetcut
    now execute it …
    ubuntu
    $sudo ./antinetcut.py
    else
    ./antinetcut.py

    you may need to :
    chmod a+x antinetcut.py

  22. ayman said,

    August 24, 2008 @ 9:36 pm

    GAMED wlahe ya ahmed , really nice work ya man and so helpful also , and i hope that u will not stop this releases of this nice script
    thnx alot ya man

  23. Ahmed S. Farghal said,

    August 24, 2008 @ 11:33 pm

    yaah ya 3am ayman, enta lessa faker :P

    isA I’ll continue maintaining this script and I hope to get more developers working on it…

  24. hassan said,

    August 25, 2008 @ 3:16 pm

    انا منزل اعجوبه ودا اللي جالي!!!
    [ 1 ]
    sh: arp: command not found

    [ 2 ]
    sh: arp: command not found

    [ 3 ]
    sh: arp: command not found

    مش عارف اعمل ايه

  25. Ahmed S. Farghal said,

    August 25, 2008 @ 8:07 pm

    can you please tell me which distro are you using?

  26. eldhrawy said,

    August 26, 2008 @ 10:37 am

    i’m using ojuba built on FEDORA 9
    this is what i get

    [root@localhost hassan]# ‘/home/hassan/antinetcut.py’
    WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
    Welcome To AntiNetCut Version 2
    Development done by AhmedSoliman.com
    Released August 2008
    which: no ip in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)
    Traceback (most recent call last):
    File “/home/hassan/antinetcut.py”, line 28, in
    mac=getmacbyip(gwIP)
    File “/media/HARD DISK/antinetcut/scapy/layers/l2.py”, line 44, in getmacbyip
    tmp = map(ord, inet_aton(ip))
    socket.error: illegal IP address string passed to inet_aton

    where is the prob??

  27. Ahmed S. Farghal said,

    August 26, 2008 @ 10:48 am

    It’s the first time I hear about Ojouba! but anyway the problem seems that you miss all the packages that are related to networking :)

    Like you need the packages:
    iproute
    tcpdump
    net-tools

    Please make sure that you have those packages already installed.. (using rpm -q )

  28. eldhrawy said,

    August 26, 2008 @ 4:14 pm

    i typed in terminal

    install iproute tcpdump net-tools

    this is what i got

    Setting up Install Process
    Parsing package install arguments
    Package iproute-2.6.25-1.fc9.i386 already installed and latest version
    Package 14:tcpdump-3.9.8-4.fc9.i386 already installed and latest version
    Package net-tools-1.60-87.fc9.i386 already installed and latest version
    Nothing to do

    this is OJUBA
    http://www.ojuba.org/wiki/doku.php

  29. Ahmed S. Farghal said,

    August 26, 2008 @ 5:00 pm

    ok, write
    which arp
    which ip

    and please make sure that you execute this script as super-user (root)

  30. eldhrawy said,

    August 26, 2008 @ 7:43 pm

    [root@localhost hassan]# which arp
    /usr/bin/which: no arp in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)

    [root@localhost hassan]# which ip
    /usr/bin/which: no ip in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)

    what is this????

  31. Ahmed S. Farghal said,

    August 26, 2008 @ 11:13 pm

    it seems that this distro has modified the default fedora packages (RPMs) contents, so I can’t help now :)

    you must contact the distro. packagers for those commands RPMS

  32. eldhrawy said,

    August 27, 2008 @ 9:58 pm

    this is the conversation between me & the distro.packager plz read

    http://www.linuxac.org/forum/showthread.php?t=14624

  33. Ahmed S. Farghal said,

    August 28, 2008 @ 12:17 am

    Ok, I read the whole topic and now I get the problem correctly…

    there are two problems now:
    1- when you run the script using its full path…
    2- the script cannot detect your IP address, can you please provide the output of ip addr show

  34. eldhrawy said,

    August 28, 2008 @ 2:46 am

    [hassan@localhost ~]$ su -
    Password:
    [root@localhost ~]# ip addr show
    1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:e0:20:15:07:f6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.43/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::2e0:20ff:fe15:7f6/64 scope link
    valid_lft forever preferred_lft forever
    3: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:17:31:27:8f:d7 brd ff:ff:ff:ff:ff:ff
    4: pan0: mtu 1500 qdisc noop state DOWN
    link/ether 2a:4c:ca:32:cd:ce brd ff:ff:ff:ff:ff:ff
    [root@localhost ~]#

    “i’ve 2 lan cards the one eth0 is onboard & not working so i use eth1″

    “thank you v.much mr.ahmed soliman for your interest

  35. eldhrawy said,

    August 28, 2008 @ 2:56 am

    this is what i done

    [hassan@localhost ~]$ su -
    Password:
    [root@localhost ~]# ls
    anaconda-ks.cfg
    [root@localhost ~]# cd /home/hassan
    [root@localhost hassan]# ls
    antinetcut Documents Music Public Videos
    Desktop Download Pictures Templates
    [root@localhost hassan]# cd antinetcut
    [root@localhost antinetcut]# ./antinetcut.py
    Welcome To AntiNetCut Version 2
    Development done by AhmedSoliman.com
    Released August 2008
    MAC Address Detected for the gateway 192.168.1.1 00:17:31:c7:bc:8a
    Deleting Current gateway mac address from the arp table
    Adding static entry…
    Cannot Detect my IP address
    [root@localhost antinetcut]# ip addr show
    1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:e0:20:15:07:f6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.43/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::2e0:20ff:fe15:7f6/64 scope link
    valid_lft forever preferred_lft forever
    3: eth0: mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:17:31:27:8f:d7 brd ff:ff:ff:ff:ff:ff
    4: pan0: mtu 1500 qdisc noop state DOWN
    link/ether 36:bd:d4:2c:f7:a7 brd ff:ff:ff:ff:ff:ff
    [root@localhost antinetcut]#

    !!!

  36. eldhrawy said,

    August 28, 2008 @ 10:17 pm

    wats z prob. here?!

  37. Ahmed S. Farghal said,

    August 29, 2008 @ 11:54 am

    as you have eth1 instead of eth0, you’ll have to edit the script…

    open the script using any text editor (gedit antinetcut.py) for example and edit the variable at line 8
    device="eth0"
    to
    device="eth1"
    and try again…

  38. eldhrawy said,

    August 29, 2008 @ 3:54 pm

    [hassan@localhost antinetcut]$ su -
    Password:
    ls[root@localhost ~]# ls
    anaconda-ks.cfg
    [root@localhost ~]# cd /home/hassan/antinetcut
    [root@localhost antinetcut]# gedit antinetcut.py
    [root@localhost antinetcut]# ./antinetcut.py
    Welcome To AntiNetCut Version 2
    Development done by AhmedSoliman.com
    Released August 2008
    MAC Address Detected for the gateway 192.168.1.1 00:17:31:c7:bc:8a
    Deleting Current gateway mac address from the arp table
    Adding static entry…
    Our IP Address is 192.168.1.43
    Out MAC Address is 00:e0:20:15:07:f6

    Running Protection Thread

    is it working now???????

  39. Ahmed S. Farghal said,

    August 29, 2008 @ 9:12 pm

    yes, leave it running…. :)

  40. eldhrawy said,

    August 29, 2008 @ 10:32 pm

    thank you mr.ahmed i really cant find words to thank you

  41. hackobacko said,

    August 30, 2008 @ 6:43 am

    well ! thanx alot for this version …
    but is the hole idea is to clear the arp cache and checks for users spoofing the G.W mac address ?
    I read actually alot about this topic “Arp poisoning” and I had little experience facing it … but actually I did faced a problem before when I couldn’t get the connection back even when trying to clear the arp cache , and I knew that there’s many attack types concerning this topic
    for example :- a program like win arp attacker “can be found in security focus”
    can do many attacks

    so I figured out that I do need a firewall that preventing my pc from ever receiving arp requests at all and I got one but I really lost it (for windows )
    then I found the program antiarp that really makes good job and hides your pc totally from network and it’s effective really

    so I want to ask 2 questions :-

    1) is your program designed to face many types of attacks ? since really the problem is not in netcut alone …. there’s many applications as I told you before since I faced some of those applications but I don’t know its name

    2) from my little experience and plz correct me if i’m wrong I figured out that the application I told you about was actually messing with router it self
    may be send packets to it to spoof my mac address to another fake one and send those packets rapidly and continuously so it doesn’t mess with me .. so any arp cache clearing will be useless
    so I also figured out that i’m in need to an application that can send packets to router to tell it about me and this must be with a rate faster than the enemy application and I guess this option in winarpattacker In windows but I didn’t try it
    (composing packets and sending it with specific rates [ arp- request, or replay] )

    so the whole idea i’m talking about is that the application has to prevent all arp packets comming and sent from you so as to hide you … and you may spoof your mac after hiding to get the connection back

    so am I right ? :- ) sorry for the long post and I like to see your reply

  42. Ahmed S. Farghal said,

    August 30, 2008 @ 2:05 pm

    @hackobacko:

    The first version of my antinetcut was clearing the arp cache and setting the arp entry of the gateway static o it cannot be forged later..and that was passive protection…

    but after releasing netcut 2.8, which poisons the gateway the same way you mentioned, I analyzed the attack pattern and I generated arp requests/replies the same way you mentioned but in a specific way that overcome the netcut attack.

    that response I generate should eliminate most of the arp poisoning programs available, I need people to test and report to me so we can enhance…

  43. eldhrawy said,

    August 31, 2008 @ 6:17 am

    its all OK here, everything is going right…thanks again

  44. hackobacko said,

    September 1, 2008 @ 12:29 am

    well .. I don’t have a network right now so I really can’t test it

    but you may add some functionalities to log people making arp attacks
    or using any suspecious software like that

    may be for a network owner to disconnect them …. and that will be useful , in keeping networks clean .

    I didn’t use python b4 but I know it’s interpreted language, so why not adding windows to the list of supported O.S , this will be handful for windows users who wanna get rid off such attacks , and suffering from other malicious applications other than netcut

    A question :

    when analyzing the attack pattern , you just used traffic analyzers , or there’s other ways ?

    thanx

  45. Ahmed S. Farghal said,

    September 2, 2008 @ 1:34 pm

    I didn’t use any analyzers, just sniffers…

  46. tuxawy said,

    October 10, 2008 @ 9:35 am

    first :
    thanks a lot for Ur effort in this program its really rocks
    second :
    please I need to know :

    1. Import sys
    where is this class ?

    2. from scapy.all import *
    I realized that scapy is a directory full of othe scripts and classes,
    I wanted to ask : when i wrote scapy.all does that mean the script (all.py or all.pyc ) and what is all.pyc ? I opened it and saw unicode like when I open a binary file in vim…

    3.os.functions
    where is this class ? I can’t fined where scapy wrote it
    but i found in arch.py that they imported the os class as u imported sys class in ur program
    dose that mean that sys and os is parts of the system’s libraries or not ?
    and if it was system libraries Y didn’t u import os like sys ?

    4.getmacbyip
    where is that function ??????
    i can’t finde it in scapy files,
    and why didn’t u get the locale machine mac with that function too ?

    5.scapy directory
    i don’t know what is scapy, and if sys and os are system’s libraries Y did u import the scapy project… is it for getmacbyip function only ? and u have to know that i didn’t find that function in scapy files too

  47. tuxawy said,

    October 10, 2008 @ 9:46 am

    now I realized Y did U use scapy….. Is it for line 62 to the end of Ur program ?
    but I need to know Y dose those lines do ?
    I think they r doing the protection thread
    but I am talking about the mechanism of its job
    what is it ???
    sorry for too many questions

  48. Ahmed S. Farghal said,

    October 13, 2008 @ 1:39 pm

    Hi,

    All those questions means that you actually didn’t read about python, so I suggest that you start reading about python first then we can discuss how things work here…

RSS feed for comments on this post · TrackBack URI

Leave a Comment