Re: ARP Spoofing and Routing

caseytay_at_nets.com.sg
Date: 10/03/05

    To: Rafael San Miguel Carrasco <smcsoc@yahoo.es>
    Date: Mon, 3 Oct 2005 09:07:53 +0800
    
    

    Hi all,

    I would like to know how to go about spoofing ARP caches, and DNS poisoning?
    I am doing research on the methodologies available, and also need a list
    of tools/software that can help me.

    If anyone has some experience with spoofing DNS or ARP entries, pls advise.

    Thanks,
    Casey

    Rafael San Miguel Carrasco <smcsoc@yahoo.es>
    10/02/2005 08:32 PM
    To: Kyle Starkey <kstarkey@siegeworks.com>
    cc: pen-test@securityfocus.com
    Subject: Re: ARP Spoofing and Routing

    Remember that you may need to add a rule in iptables to avoid your
    TCP/IP stack generating ICMP_REDIRECT messages:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -A OUTPUT -p icmp --icmp-type redirect -j REJECT

    Greetings,

    Rafael San Miguel Carrasco

    Kyle Starkey wrote:

    >Folks..
    >I was on site yesterday at a client doing some pen-test type work and
    >thought I might play around with some arpspoofing and see what I could
    >gather. I ran into a couple of problems and thought you all might have the
    >solution.
    >
    >What I was trying to do was arpspoof a server so that I could intercept any
    >authentication requests that were made to it and grab passwds or hashes to
    >find some user accts. I was using the Auditors Toolkit bootable CD and the
    >arpspoof worked great. A tcpdump of the eth0 int when the spoof started
    >showed that I was getting all the traffic that should have been destined for
    >this server (hosts and server and myself were all in the same bcast seg
    >btw). However I was not running any daemons (ftp, samba, telnet, etc) to
    >answer these requests and as such was only seeing part of the conversation
    >and couldn't complete the connection to get the full auth request. So what
    >I need to know is how I go about sending packets that were destined for the
    >server originally to the actual server after I have had my
    >tcpdump/dsniff/etc doing the packet capture and filter. My ideas are as
    >follows and I could use some responses about them or OTHER ways I can
    >accomplish this...
    >
    >1) routed routing traffic to the original host with a static ARP entry in my
    >host for the server I am spoofing so I don't spoof myself
    >
    >2) some kind of proxy server that will capture and forward traffic based on
    >the dest addr of the packet and again a static arp entry for the host being
    >spoofed so we don't spoof ourselves
    >
    >3) load ftpd, samba, telnet, to answer these requests, even if we are
    >denying auth people will still pass user credentials in an attempt to login,
    >after the arpspoof has happened...
    >
    >4) some other already built tool that I have never heard of and should learn
    >to use...
    >
    >
    >If this makes no sense please feel free to flame me and call me an idiot,
    >but it's been a long week and the coffee ain't helping...
    >
    >-K
    >
    >Kyle R. Starkey
    >Senior Security Consultant
    >CISSP # 31718
    >Siegeworks LLC
    >Email: kstarkey@siegeworks.com
    >Cell: 435-962-8986
    >
    >

    ***************************************************************************
                IMPORTANT NOTICE:
    This email and any files transmitted with it is intended only for
    the use of the person(s) to whom it is addressed, and may
    contain information that is privileged, confidential and exempt
    from disclosure under applicable law. If you are not the intended
    recipient, please immediately notify the sender and delete
    the email. Thank you.

    ***************************************************************************

    Casey Tay Kian Chuan
    Data Security Analyst
    Data Security
    DID : 65-6374-0653
    TEL : 65-6272-0533
    FAX : 65-6275-7712

    Network For Electronic Transfers (S) Pte Ltd
    298 Tiong Bahru Road
    #04-01/06 Central Plaza
    Singapore 168730
    http://www.nets.com.sg
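
Seen from the defending side, the spoofing described in this thread leaves a trace in every victim's neighbour table: the server's IP suddenly resolves to a different MAC, and that MAC is usually shared with the intercepting host's own IP. The following is an added example, not part of the original messages, that compares two snapshots in the Linux `/proc/net/arp` layout and reports both conditions. The addresses are constructed (documentation ranges), and the function names are this example's own.

```python
# Constructed snapshots in the /proc/net/arp layout (documentation IPs and MACs).
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.10       0x1         0x2         00:00:5e:00:53:0a     *        eth0
192.0.2.20       0x1         0x2         00:00:5e:00:53:14     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.10       0x1         0x2         00:00:5e:00:53:14     *        eth0
192.0.2.20       0x1         0x2         00:00:5e:00:53:14     *        eth0
192.0.2.30       0x1         0x2         00:00:5e:00:53:1e     *        eth0
"""

def parse_arp_table(text):
    """Return {(device, ip): mac} for resolved entries only."""
    table = {}
    for line in text.splitlines()[1:]:       # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac, dev = fields[0], fields[2], fields[3].lower(), fields[5]
        if int(flags, 16) & 0x2 == 0:        # ATF_COM clear: entry not resolved yet
            continue
        table[(dev, ip)] = mac
    return table

def arp_anomalies(before_text, after_text):
    """Flag IPs whose MAC changed and MACs that answer for several IPs."""
    before, after = parse_arp_table(before_text), parse_arp_table(after_text)
    findings = []
    for key, mac in sorted(after.items()):
        old = before.get(key)
        if old is not None and old != mac:   # a newly learned entry is not a change
            findings.append(("mac-changed", key[1], old, mac))
    by_mac = {}
    for (dev, ip), mac in after.items():
        by_mac.setdefault((dev, mac), []).append(ip)
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:                     # also true for proxy ARP and IP aliases
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings

if __name__ == "__main__":
    for finding in arp_anomalies(BEFORE, AFTER):
        print(finding)
```

Both findings need triage against known-good cases such as NIC replacement, failover pairs and proxy ARP before they are treated as an incident.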