Group policy and batch file help

[Corif]

Hey everyone.

I'm in networking class in a high school and we are working to get a COMPTIA Networking+. I'm one of the students in the class that are far ahead so my teacher ask me if i can write a batch file that will poison the arp table of everyone in the room. We are doing this because we just talked about group policies and we want to apply the batch file to the policies and hope that it will run on the machines when they turn on. I have two question. Is this possible and can someone show me how to write a batch file that will poison the arp of all the machines? Help would be lovely

 

[seepy83]

I don't have a clue why your teacher would want you to teach yourself how to write a bat file that poisons the arp cache and is executed through group policy. ARP cache poisoning is usually done maliciously (or by people that have been hired to pen test), and it's usually done with software that has been written specifically to broadcast gratuitous arp on the network.

But to answer your questions more directly, yes you can execute a batch file using a GPO, and yes you should be able to add an entry to the arp table with a batch file. you would want to use the arp command. I've never done this (because there's no good reason to), so YMMV...but in theory it should work as long as you've got admin credentials. details on the arp command below

> arp -?

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr] [-v]

-a Displays current ARP entries by interrogating the current
protocol data. If inet_addr is specified, the IP and Physical
addresses for only the specified computer are displayed. If
more than one network interface uses ARP, entries for each ARP
table are displayed.
-g Same as -a.
-v Displays current ARP entries in verbose mode. All invalid
entries and entries on the loop-back interface will be shown.
inet_addr Specifies an internet address.
-N if_addr Displays the ARP entries for the network interface specified
by if_addr.
-d Deletes the host specified by inet_addr. inet_addr may be
wildcarded with * to delete all hosts.
-s Adds the host and associates the Internet address inet_addr
with the Physical address eth_addr. The Physical address is
given as 6 hexadecimal bytes separated by hyphens. The entry
is permanent.
eth_addr Specifies a physical address.
if_addr If present, this specifies the Internet address of the
interface whose address translation table should be modified.
If not present, the first applicable interface will be used.
Example:
> arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry.
> arp -a .... Displays the arp table.

 

[Udgnim]

logon script group policy directions

http://www.petri.co.il/setting-up-logon-script-through-gpo-windows-server-2008.htm

for creating batch file, use notepad save with .bat extension

use arp -s IP_Address Made_Up_MAC_Address and statically change the default gateway's MAC address on the student workstation MAC tables

you can also screw around with the host file too

http://social.technet.microsoft.com.../thread/d07a8aa2-a059-40ff-9e05-036a72f8adba/

echo 1.2.3.4 hostname.domain.com >> %windir%\system32\drivers\etc\hosts

do something like changing the school's domain name to resolve to Google's IP address and Google's domain name to resolve to the school's IP address