anubis2k7
06-30-2007, 05:21 AM
Hi,
I have some questions regarding MITM ARP attacks using ettercap.
First, I used the following tutorial as my guide:
ttp://forums.remote-exploit.org/showthread.php?t=99
using both BT and BT2 on a switched network. However, it does not work; when a target machine tries to go to any SSL (https) encrypted site, they receive a time out error and cannot navigate to the website. Under “Profiles” in the ettercap menu, I notice that the connections to https sites are “killed.” I have tried using both BT and BT2 on several machines, but it will not work. I tried using ettercap on a simple dlink wireless router, and it worked fine. Also, I have used Cain and Abel (oxid.it) on my switched network, and it worked fine too. So why does ettercap not work?
I also have questions about ARP poisoning defenses. I was wondering if anyone knows any effective means of client-side prevention. I have done some research and found that people recommend arpwatch to monitor suspicious ARP activity; however, this is a method of ARP poisoning detection, not prevention. Also, some have suggested using "arp -s <ip mac of default gateway>" on every client. This is an effective means of stopping an SSL MITM attack, since the client has a static ARP entry for the default gateway; however, the default gateway does not have a static ARP entry for the client and can still be poisoned. So basically you have a DoS scenario in which the client can communicate with the gateway, but the gateway cannot communicate with the client. Because of DHCP, static ARP entries on a gateway are infeasible.
The only method I have found that may work is using port security or some method of stateful IP-to-MAC protocol; however, I am unsure if the switches support such a protocol. I was hoping someone knew of a quick and easy client-side fix, similar to the "arp -s" method.
Also, I have found no effective means of defending against this attack in a wireless network as port security/MAC mapping on your simple $50 wireless router is infeasible. Combined with all the tutorials on WEP/WPA wireless cracking, I feel rather insecure on my wireless network now…. >.>
Thanks in advance.
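The two points the post raises, arpwatch-style detection versus an "arp -s" static entry on the client only, can be shown side by side in a few dozen lines. The following is an added example written for this page, not code from the post or from ettercap/arpwatch/Cain. It builds four constructed Ethernet/ARP frames (a legitimate request/reply between a victim and its gateway, then the two unsolicited replies a poisoning tool sends to each side), runs a passive detector over them, and feeds them to two simplified host ARP-cache models: the victim with the gateway pinned, and a gateway with no static entries. All MAC and IP addresses are made up, and the cache model is deliberately simplified (it only learns from replies addressed to the host).

```python
"""ARP poisoning: arpwatch-style detector next to a model of per-host ARP caches.

Added example, not from the original post. All traffic below is constructed inline.
"""
import struct
from collections import namedtuple

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Field names follow RFC 826: sha/spa = sender MAC/IP, tha/tpa = target MAC/IP.
Arp = namedtuple("Arp", "eth_src eth_dst op sha spa tha tpa")


def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))
def _mac_str(b): return ":".join(f"{x:02x}" for x in b)
def _ip_str(b): return ".".join(str(x) for x in b)


def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Ethernet II header + 28-byte IPv4-over-Ethernet ARP body, for sample frames."""
    eth = _mac(eth_dst) + _mac(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)
    return eth + arp


def parse_arp(frame):
    """Return an Arp tuple for an Ethernet/IPv4 ARP frame, or None for anything else."""
    if len(frame) < 42:
        return None
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return Arp(_mac_str(eth_src), _mac_str(eth_dst), op,
               _mac_str(frame[22:28]), _ip_str(frame[28:32]),
               _mac_str(frame[32:38]), _ip_str(frame[38:42]))


class ArpWatcher:
    """Passive arpwatch-style detector: learns IP->MAC bindings and reports anomalies.

    Detection only: it tells you a poison happened, it does not stop it.
    """
    def __init__(self):
        self.bindings = {}    # IP -> MAC learned from traffic
        self.pending = set()  # (asker_ip, asked_ip) requests still awaiting a reply
        self.alerts = []

    def observe(self, frame):
        a = parse_arp(frame)
        if a is None:
            return []
        found = []
        if a.op == ARP_REQUEST:
            self.pending.add((a.spa, a.tpa))
        elif a.op == ARP_REPLY:
            # Poisoning tools push replies that nobody asked for.
            if (a.tpa, a.spa) in self.pending:
                self.pending.discard((a.tpa, a.spa))
            else:
                found.append(f"unsolicited reply: {a.spa} is-at {a.sha}, sent to {a.tpa}")
        # ARP sender MAC normally equals the frame's source MAC; a mismatch is a spoofing tell.
        if a.sha != a.eth_src:
            found.append(f"sender MAC {a.sha} != frame source {a.eth_src}")
        # A known IP suddenly claiming a new MAC: arpwatch's "changed ethernet address".
        old = self.bindings.get(a.spa)
        if old is not None and old != a.sha:
            found.append(f"changed ethernet address: {a.spa} was {old}, now {a.sha}")
        self.bindings[a.spa] = a.sha
        self.alerts.extend(found)
        return found


class HostArpCache:
    """Simplified model of one host's ARP cache; 'pinned' emulates `arp -s` entries."""
    def __init__(self, my_ip, pinned=None):
        self.my_ip = my_ip
        self.pinned = dict(pinned or {})
        self.cache = dict(self.pinned)

    def receive(self, frame):
        # Simplification: only replies addressed to this host update the cache.
        a = parse_arp(frame)
        if a is None or a.op != ARP_REPLY or a.tpa != self.my_ip:
            return False
        if a.spa in self.pinned:
            return False          # static entry wins; the poison is ignored
        self.cache[a.spa] = a.sha
        return True

    def mac_for(self, ip):
        return self.cache.get(ip)


# Constructed addresses (hypothetical).
GW_IP, GW_MAC = "192.168.1.1", "00:11:22:33:44:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "00:11:22:33:44:0a"
ATTACKER_MAC = "00:11:22:33:44:ee"


def sample_traffic():
    """A legitimate exchange, then the two poison replies a MITM tool sends to each side."""
    return [
        build_arp(VICTIM_MAC, BROADCAST, ARP_REQUEST, VICTIM_MAC, VICTIM_IP, "00:00:00:00:00:00", GW_IP),
        build_arp(GW_MAC, VICTIM_MAC, ARP_REPLY, GW_MAC, GW_IP, VICTIM_MAC, VICTIM_IP),
        build_arp(ATTACKER_MAC, VICTIM_MAC, ARP_REPLY, ATTACKER_MAC, GW_IP, VICTIM_MAC, VICTIM_IP),  # "gateway is at attacker"
        build_arp(ATTACKER_MAC, GW_MAC, ARP_REPLY, ATTACKER_MAC, VICTIM_IP, GW_MAC, GW_IP),          # "victim is at attacker"
    ]


def run_scenario():
    """Detector sees all four frames; victim has the gateway pinned, the gateway pins nothing."""
    watcher = ArpWatcher()
    victim = HostArpCache(VICTIM_IP, pinned={GW_IP: GW_MAC})
    gateway = HostArpCache(GW_IP)
    for f in sample_traffic():
        watcher.observe(f)
        victim.receive(f)
        gateway.receive(f)
    return {
        "alerts": watcher.alerts,
        "victim_thinks_gateway_is": victim.mac_for(GW_IP),
        "gateway_thinks_victim_is": gateway.mac_for(VICTIM_IP),
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

Running it shows both halves of the post's observation: the watcher raises an "unsolicited reply" and a "changed ethernet address" alert for each poison frame (detection after the fact), the victim's pinned entry keeps it pointed at the real gateway MAC, and the gateway, with no static entry for the DHCP client, ends up believing the victim lives at the attacker's MAC. Real stacks differ in detail (some also learn from requests, some only refresh existing entries from unsolicited replies), so treat the cache model as an illustration of the asymmetry, not a description of any particular OS.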