Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: MitM attack causes victim connection loss

  1. #11
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    13

    Default Re: MitM attack causes victim connection loss

    Hello ,

    Exactly i have same problem , i start pinging google.com on victim and time is 200-240 ms . but after i start ettercap MiTM after some sec (4,5 sec ) time Grow up 1200-1600 ms and too much packet lost . it seems something flood Packets ,
    also when i try ping Gateway from victim time going to 400 500 ms ( before ettercap it was on 1,2 ms )
    can help me how can i check this issue ?

    regards .

  2. #12
    Just burned his ISO oddacon's Avatar
    Join Date
    Aug 2011
    Location
    USA
    Posts
    8

    Default Re: MitM attack causes victim connection loss

    considering you have started forwarding network traffic by:
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    and in your etter.conf file removed the # tags.
    Code:
    #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    to look like

    Code:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    Consider that running the command:

    ettercap -TQM ARP:REMOTE -i eth0 /10.0.0.1/ /10.0.0.2/
    will cause the router's arp wathcers to suspend traffic, sometimes from the whole router. Check out YAMAS (http://comax.fr/yamas.php) to see how some of the same commands are used in quiet mode to spoof network traffic without setting off red flags.

  3. #13
    Just burned their ISO fliprich's Avatar
    Join Date
    Jul 2010
    Location
    Earff
    Posts
    11

    Default Re: MitM attack causes victim connection loss

    I was experimenting with this setup also today. I noticed that arpspoof poisoning works fine, but when checking the arp table on the victim machine (my iphone), i noticed that the mac address in the table was the one of the host machine that runs my BT vmware station. To confirm that was the issue, I ran wireshark on both my BT VM and the host machine (Win7) while sending packets to the internet (ICMP) from the victim. After analyzing the pcaps, I noticed that the ICMP traffic was being forwarded to the host machine and NOT the Backtrack VM.

    This is not an issue when testing from my WinXP VM to my Backtrack VM because they run on the same host machine. It only happens over the physical network.

  4. #14
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: MitM attack causes victim connection loss

    Is your adapter bridged or NAT'ed? Because that makes a huge difference in terms of MiTM attacks.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  5. #15
    Just burned their ISO fliprich's Avatar
    Join Date
    Jul 2010
    Location
    Earff
    Posts
    11

    Default Re: MitM attack causes victim connection loss

    It's bridged. That's why it was so confusing to me. The BT VM, the host machine (Win7), and the victim (my iphone), were all on the same /24 network.

    But i do think the issue is something with the VM itself or the VM adapters on the host machine.

Page 2 of 2 FirstFirst 12

Similar Threads

  1. fake AP vs MITM attack
    By SecureSurfer in forum Beginners Forum
    Replies: 1
    Last Post: 01-07-2011, 01:32 AM
  2. Etternet kills victim internet connection
    By kkrapul in forum Beginners Forum
    Replies: 3
    Last Post: 11-29-2010, 07:17 PM
  3. MITM attack on Mac OS X victim?
    By Miguel7729 in forum Beginners Forum
    Replies: 2
    Last Post: 09-16-2010, 10:47 AM
  4. MiTM Attack? How to detect
    By t-alla in forum OLD Newbie Area
    Replies: 9
    Last Post: 01-09-2010, 05:47 PM
  5. SSL Rebinding & EV SSL MITM attack
    By htons139 in forum OLD BackTrack 4 Package and feature Requests
    Replies: 1
    Last Post: 08-21-2009, 08:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •