Thread: Layer 2 Attacks

  1. #1
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    10

    Layer 2 Attacks

    I have been experimenting with the dsniff suite on my own home network, and it's frighteningly easy to use.

    Code:
    arpspoof -t victim gateway
    arpspoof -t gateway victim
    works flawlessly, along with setting ip forwarding. As I understand it, the first command makes the victim think that I'm the gateway, effectively routing all outbound traffic through my system. The second does the reverse, giving me all inbound traffic. urlsnarf confirmed the success of the attack. That's good.

    I tried running
    Code:
    arpspoof gateway
    which should make all devices on the network think that I'm the gateway, thereby redirecting all outbound traffic through my system, but not inbound. Unfortunately, this didn't work, and I got nothing, even a while after starting arpspoof. Why is this?

    Also, I tried running arpspoof from my laptop, which was connected to my network wirelessly, and arpspoof would always fail, citing something along the lines of an "unknown network" and flashed the code "0x321". Am I to understand that arpspoof will not work from a wireless host? (The target system and the gateway are both wired, and successfully misdirected from my desktop, as described above.)

    Finally, macof looks interesting, and I think I may give it a try on my switch, but I don't fully understand the process. The switch gets overloaded with MAC addresses and copes the only way that it knows how, by becoming a hub. Now, how does the switch recover from this? Does it just start collecting MACs again sometime after the storm has died down, or does it stay open? I don't want to damage any of my hardware, after all.

    Thank you!

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    You might try running fragrouter before arpspoof:
    Quote Originally Posted by man arpspoof
    Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    10

    In both cases, I turned on ip forwarding before doing any spoofing.

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    (There may be a typo, as I don't have access to a Linux box at the moment.  :( )

  4. #4
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote Originally Posted by GMouse View Post
    In both cases, I turned on ip forwarding before doing any spoofing.

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    (There may be a typo, as I don't have access to a Linux box at the moment.  :( )
    Having not used arpspoof before, not sure where to go from there...
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #5
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    arpspoof

    arpspoof is not configured to handle the SNAP headers used in wireless technologies. You will need to write a new script handler to accomplish a similar redirect on 802.11 packets. It is possible in Python, for example.

    MAC addresses decay after a time and so the switch will recover slowly.

    Your repetition of the arpspoof commands is correct and should work on hardwired systems or hardwired into the back of the wireless hub.

    A wireless AP acts as a hub not as a switch.

    IP forwarding should always be enabled prior to redirecting to maintain functionality of the network.
    Lux sit
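
Seen from the defending side, the two-way redirection discussed in this thread shows up as one MAC address starting to answer for IP addresses that other MACs held a moment earlier. The following is an added example, not code from any poster or from dsniff: a small detector that parses raw Ethernet/ARP frames and flags those changes. The MAC and IP addresses, function names and the sample capture are all constructed for illustration.

```python
import struct
from collections import defaultdict

ETH_ARP, ARP_REPLY = 0x0806, 2

def parse_arp(frame: bytes):
    """Return (eth_src, opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    ethertype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if ethertype != ETH_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return frame[6:12].hex(":"), op, frame[22:28].hex(":"), sender_ip

def detect(frames):
    """Walk frames in capture order; return a list of (reason, ip, mac) alerts."""
    bindings, claims, alerts = {}, defaultdict(set), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, _op, mac, ip = parsed
        if eth_src != mac:  # ARP sender field disagrees with the frame's source
            alerts.append(("eth/arp sender mismatch", ip, mac))
        if ip in bindings and bindings[ip] != mac:
            alerts.append(("binding changed", ip, mac))
        bindings[ip] = mac
        claims[mac].add(ip)
        # Fires once per MAC; multi-homed routers and proxy ARP also trigger it.
        if len(claims[mac]) == 2:
            alerts.append(("one MAC claims several IPs", ip, mac))
    return alerts

def sample_frame(src_mac, sender_ip):
    """Build constructed sample data (a broadcast ARP reply as bytes); nothing is sent."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    ip = bytes(int(p) for p in sender_ip.split("."))
    header = struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, ARP_REPLY)
    return b"\xff" * 6 + mac + header + mac + ip + b"\xff" * 6 + bytes(4)

# Constructed capture: three hosts announce themselves, then one host starts
# answering for the gateway's and the other host's addresses as well.
GATEWAY, VICTIM, THIRD = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:50", "cc:cc:cc:cc:cc:99"
CAPTURE = [sample_frame(GATEWAY, "192.168.1.1"), sample_frame(VICTIM, "192.168.1.50"),
           sample_frame(THIRD, "192.168.1.77"), sample_frame(THIRD, "192.168.1.1"),
           sample_frame(THIRD, "192.168.1.50")]

if __name__ == "__main__":
    for alert in detect(CAPTURE):
        print(alert)
```

On a managed switch the same idea is enforced in hardware by features such as dynamic ARP inspection, and a static ARP entry for the gateway on each host removes the binding the detector watches.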
