Network (ARP) spoofing - anybody had a recent experience of this on their sqn’s network?

Afternoon All,

So, we have BT Business Broadband in the SQN (just getting it wasn’t easy), unfortunately not Fibre to the Premises (FTTP) just yet, and then we extend the broadband signal around the side of the property with an ethernet cabled outdoor wi-fi extender device, to enable it to get into the main hall through lots of external metal clad building exterior - until such a time as the LVMNW’s application for ethernet cabling ability throughout is given the go ahead.

We then add a few BT Wifi extender discs indoors, to beam the signal into the CI’s office, x2 Lecture rooms etc.

Last week, the OC called me in as I’m essentially their most tech-knowledgeable person (BSc Information Security), so I don’t mind imparting input, to the point I’ve already upgraded several of their tech devices/systems and have more to do.

For example, the largest current issue I foresaw, and one that I hope all other sqns are aware of and working to resolve for themselves: Win 10 becomes somewhat end-of-life this coming October. You can pay a fee per device to Microsoft to keep getting their security patches, but it gets dearer every year too, so it becomes a false economy really.

This has led CivCom into beginning to purchase/seeking Grant Funding for suitable refurbished enterprise/commercial mini PCs that already have Win11 and have been researched to be up to the job for both Staff’s admin, but also things like Cadet Classification handling and other aspects on those devices - yet not Gaming/FS on the latter, as that’s a different animal.

Back to last week… his office device’s security software popped up a security warning ‘a suspicious device (IP: x.x.x.x) is using ARP spoofing to collect all data sent to and from your computer’.

Now, the easiest thing was to simply shut down the internet connection at the main router, essentially isolating the issue for now - not ideal, but it was near the end of parade evening too. I am now in the process of identifying the device brought to our attention and will no doubt get to the bottom of it, but for now… has any other SQN experienced the same thing at all - curious?

It’s weird, as our router is never left on overnight, only ever on for the 3 hrs that the sqn parades twice a week, so I have a call to BT Business Broadband pencilled in just to cover off that side, and whilst it’s easy to see that devices’ internet security software picks up things such as this #ARPSpoofing, I wish to get to the bottom of it, and if there are any lessons to be learnt from this episode, we can all do so. :slight_smile:

Many thanks,
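As an added example (mine, not code from the thread or from any security product): a small Python check that parses a Windows `arp -a` dump and flags the pattern behind the warning described above, one MAC address answering for both the default gateway and another IP. The interface, IPs, MACs and gateway address in the sample are constructed.

```python
"""Flag the classic ARP-spoofing signature in a Windows `arp -a` dump.
Added example, not from the thread; assumes the row layout "<ip> <mac> <type>".
One MAC answering for several IPs, one of them the default gateway, is what a
host security product reports as "a device is using ARP spoofing"."""
import re
from collections import defaultdict

ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+\w+", re.I)

# Constructed sample: ordinary cache except that the gateway's MAC is also
# claimed by 192.168.1.77, which is what a man-in-the-middle host looks like.
SAMPLE_ARP_A = """Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           a4-7b-2c-11-22-33     dynamic
  192.168.1.20          00-1a-4b-aa-bb-cc     dynamic
  192.168.1.77          a4-7b-2c-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

def parse_arp_table(text):
    """Return {ip: mac} for unicast rows; the broadcast row is skipped."""
    table = {}
    for m in filter(None, map(ARP_ROW.match, text.splitlines())):
        if m.group(2).lower() != "ff-ff-ff-ff-ff-ff":
            table[m.group(1)] = m.group(2).lower()
    return table

def find_arp_spoof_suspects(text, gateway_ip, known_gateway_mac=None):
    """Return [(reason, detail)] leads to chase; an empty list means nothing odd.
    A shared MAC can be benign (one box holding two addresses), so a hit is
    the device to go and identify, not proof of an attack."""
    table = parse_arp_table(text)
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    findings = []
    gw_mac = table.get(gateway_ip)
    # Record the router's real MAC on a known-clean night and pass it in here.
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        findings.append(("gateway MAC changed", f"{gateway_ip} now at {gw_mac}"))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            reason = "gateway MAC shared" if gateway_ip in ips else "MAC shared by several IPs"
            findings.append((reason, f"{mac}: {ips}"))
    return findings
```

Run it against the real `arp -a` output from the machine that raised the alert; the MAC in any hit is what to look up (vendor prefix, then the physical device) rather than the IP, which a spoofing host can change freely.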

If you are super worried about this sort of security, the easiest solution would be to run two WLANs. One that only CFAV and unit devices have access to, and then a separate ‘guest’ network that cadets and anyone else can use.

WRT this though, have you seen the RAFACs movement towards Chrome OS? And/or are you aware of getting access to Chrome OS Flex for free, which works very well to boost old machines’ lifespan.

What was the device that was ARP spoofing? You mention an IP but not what it was.

Thanks for the reply. Indeed two WLANs works and was possibly next in the pipeline for expanding to that, just a little quicker than anticipated maybe :crazy_face: Although I can make use of the guest network within the BT Smart Hub, it makes it easier to keep everybody on the same network, but I want to roll out each device to static IPs versus dynamic = easier future identification etc.

I had read about the move towards Chrome OS and OS Flex indeed, and of course it will have its uses. So, although I need to research much more about it before recommending it via CivCom to the OC, my main instant concern that is fairly unshakable is that we, for e.g., do not yet have a stable enough internet connection/infrastructure and, after all, Chrome OS Flex being cloud-based, I’m not much a fan of that unless for larger businesses/organisations who have a great infrastructure already in place.

In the meantime though, we needed to update such antiquated equipment, and for circa £95-£110 ea (upwards to approx £150 with 2/3 year warranty) for the cracking refurbished HP ProDesk 600 G4 Mini PCs, including original Win 11 which everybody is familiar with, it’s about keeping an element of consistent harmony for now, to be honest with you.

Have you begun rolling it out to/in your sqn then, and if so, how are you finding it? For instance, G Docs is shocking and causes a fair chunk of reality issues, and I’m not sure that some of the staff at CO’s sqn would make the switch so easily.

I previously thought about Linux Mint Cinnamon but that would have still likely been a bridge too far. :exploding_head:

I won’t know until this evening, as it was right at the end of the last parade night. As a JCC too, access isn’t freely available on other times, nor suitable to mine, so it was all shut down and I shall begin the hunt this evening when they are parading. :slight_smile:

Hopefully it is a false positive; it could be something as simple as a wireless printer, as they sometimes do odd things so that client devices can print from the WLAN without having to change the network they are using.

But someone would have had to set it up that way; I don’t think they are clever enough (yet) to get themselves onto the WLAN without human help.

Segmenting the WLAN is definitely the way forward.

Mini PCs: #1 these are great, I personally like the Lenovo Tiny PC but both the HP and Dell versions are decent. Anything with 8th gen Intel processor will run Win11. (Or AMD equivalent). Chromebooks are a nice idea but no desktop Microsoft Office would be a deal breaker for me.

Mini PCs: #2 there are some NUC type devices with Ryzen APUs that look decent. They won’t play the latest top end games at crazy refresh rates but they are good enough for flight sims and lower end games (X-Plane 12 has some optimisation for APUs/integrated graphics).

I do really worry for those sqns that don’t have a single tech savvy member of staff (mine included). I haven’t understood a single word of this thread, but I imagine there are any number of sqn networks out there that are extremely vulnerable.


Shhh, the headsheds will mandate that every squadron has a CISSP if they hear that!
