lowbyte1
Goto Top

ARP Protection Tool - Feedback - Verbesserung

Greetz LB

@echo off

REM *********************************************************************************
REM
REM  Protection gegen:  MAC Spoofing             99.9%
REM                     ARP-Denial of Service    99.9%
REM                     Man-in-the-middle-Att0ck 99.9%
REM
REM *********************************************************************************



	Title ARP_Cache - Protection Tool                                                                \\written by Lowbyte

echo.______________________________________________
echo.
echo.    Arp - Protection Tool  v1.0
echo.________________
echo._______________________________
echo.______________________________________________
echo.


  ping -n 2 localhost>nul

echo. & echo. & echo.Standardgateway IP - Adresse wird ermittelt ...
  ping -n 2 localhost>nul & echo.



 	Ipconfig /all | find /I "Standardgateway"  
	Ipconfig /all | find /I "Standardgateway" >>stg_file.txt  

		@for /F "delims=" %%i in (stg_file.txt) do @set "STG_IP_STRING=%%i"  

		set IP=%STG_IP_STRING:~44,13%

echo. & echo. & echo.Standardgateway MAC - Adresse wird ermittelt ...
		  ping -n 1 %IP% >nul
		  arp -d
		  ping -n 2 %IP% >nul

	Arp -a | find /I "dynamisch">>mac_file.txt  


		@for /F "tokens=2" %%i in (mac_file.txt) do @set "MAC_Addr=%%i"  

echo. & echo.        Standardgateway . . . . . . . . . : %MAC_Addr%

  ping -n 2 localhost>nul
echo.
echo.
echo.Statischer  Arp-cache Eintrag wird erstellt ..

		arp -s %IP% %MAC_Addr%
  ping -n 2 localhost>nul

        if errorlevel 0 (

                       goto:Loop_1

                          ) else (

              echo msgbox"ARP_P Kernel Error",vbExclamation , "Error"> ARP.vbs  
)

	start ARP.vbs
	eventcreate /L System /T WARNING /SO Arp-Protection /ID 1 /D "Arp Protection Service  -  IN-AKTIV wahrscheinlich verfügen sie nicht über die nötigen Rechte um den schutz zu Aktivieren. - " >nul  
goto:Loop2

:Loop_1
	ping -n 2 localhost>nul
	arp -a

	ping -n 3 localhost>nul


echo.
echo.
echo.
echo.Netbios over TCP/IP wird deaktiviert ..
  ping -n 2 localhost>nul
echo.
echo.
echo. NetBios ID wird ermittelt ...
echo.

ping -n 2 localhost>nul


netsh winsock show catalog | find /I "MSAFD NetBIOS" >> test.txt  
	for /F "delims=" %%i in (test.txt) do if not defined Nbt_string set "Nbt_string=%%i" >nul  
	echo %Nbt_string% > full_id.txt
	for /F "delims=" %%k in (full_id.txt) do @set ID_STRING=%%k  
set ID=%ID_STRING:~71,38%

echo. %ID%


Reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_%ID% /v NetbiosOptions /t REG_DWORD /d 0x00000000 /f

echo. Registry gepatcht ..

ping -n 7 localhost>nul



	cls
echo.
echo.
echo.
echo.
echo._________________________________________________________
echo.
echo.       Protection-Status = Aktiv
echo.
echo._________________________________________________________


REM *****       Eventlog wird erstellt     *****

	eventcreate /L System /T INFORMATION /SO Arp-Protection /ID 1 /D "Arp Protection Service  -  Aktiv" >nul  

:Loop2

Rem                        ** Erase Garbage **

	if exist stg_file.txt erase stg_file.txt >nul
	if exist mac_file.txt erase mac_file.txt >nul
	if exist ARP.vbs erase ARP.vbs>nul

Rem                       ** Speicher freigeben **

	set IP=
	set STG_IP_STRING=
	set MAC_Addr=

echo. & echo. & echo.
  ping -n 3 localhost>nul

Content-ID: 63178

Url: https://administrator.de/tutorial/arp-protection-tool-feedback-verbesserung-63178.html

Ausgedruckt am: 24.12.2024 um 12:12 Uhr