About Cerberus

Status
Not open for further replies.

Rouen

A coworker has advertised to me a program that can help me find out why my brother's computer is constantly getting flooded with thousands of ARP packets a minute. I ran a sniffer on his machine and saw it was all coming from the same source. I don't have the logs on this machine, but my question is about this program.

My coworker said that Cerberus has 2 modes, attacker and defender. I want to know where I can pick up the "defender" version of Cerberus, and where to dig up some info on it, because all my Google searches return Cerberus HelpDesk, and at the same time I don't know what it is exactly I'm looking for. Any of you know what I'm talking about? If you do, a link to the prog would be great. Thanks in advance.
 
I have no idea about the "Cerberus" application you are using, but maybe I can clue you in a little.

Do you recognize the source MAC address? Is it coming from any of the machines on your LAN?

Ethereal does the same thing, just examine traffic to the computer you have installed it on. Try using that. I don't know what "Cerberus" does so I can't help you with that. Try using Ethereal and maybe post the logs on here if you want to.

Do you need a firewall to protect his machine?
 
I've never heard of Cerberus either. Ethereal is now Wireshark, so if you want the newest version look for that.
 
The sniffer I used was Ethereal, but again I don't have my brother's computer. His computer is not on a "LAN", but technically he is. He's using Comcast Cable, and his router is flooded 24/7 from the ARP packets coming in over the line. A buddy of mine with MCSE and god knows what other certifications said it sounds like someone attacked one of the ISP's servers and is trying to get the MACs for all the computers it's linked to. (This is loosely quoted, don't shoot me.) I advised my brother to get a new router because the one he is using is the one that came with the cable modem, which is about the size of my fist. You can't make any changes to this router, aka access it manually. It doesn't even have a brand name, apparently. As for a firewall, he does have one but I forget which one he's using.
 
I don't think that device he has is a router; a router would have prevented an ARP attack or broadcast. Sounds more like a switch or hub. How many computers does he have connected to this device? Take a picture of it maybe?

Yeah, tell him to get a real router; it should protect him from the outside. ARP broadcasts should only appear on his LAN, not from the ISP.
 
He's gonna get a new router, so it should solve the problem if it really is a switch, but I'm positive that it is a router, just a very frickin cheap one. Thanks for the help guys, mod can close the thread.
 