Spook Posted June 22, 2007
I recently watched one of the Hack5 videos which took us through using an ARP attack to fool the firewall/router into thinking my PC was another, thus capturing its network traffic.
I'm trying this on my ISP's network; I'm trying to test this on an IP that's on the same gateway as me.
It's not working, I don't appear to be receiving any packets from the remote PC.
I'm on XP, using Cain & Abel to poison, which I've done exactly as demonstrated, then used Ethereal to sniff the packets.
I'm connected direct, no router, using only XP's firewall.
I'm just wondering if this isn't working because I'm trying to fool a heavy shit Cisco router used by my ISP. Do they have extra security that defends its network from the ARP attack, as opposed to your average joe Netgear or Belkin?
Feedback would be great!
Spook.
deleted Posted June 22, 2007
It only really works on a LAN, not an external network (as to my understanding); it works on a different principle.
Spook (Author) Posted June 22, 2007
Yeh, I would have thought that, so just to clarify: it is because the ISP heavy shit routers aren't susceptible to these kinds of attacks, whereas the cheapy routers are?
Sparda Posted June 22, 2007
Routers aren't vulnerable to this at all. Switches are the only devices that are.
Spook (Author) Posted June 22, 2007
In the hack5 video they use an example where 192.168.1.1 is the acting firewall/router and attack 192.168.1.102.
They also go into an internet cafe and do the same there.
That's what I don't understand, so surely the router is vulnerable?
Sparda Posted June 22, 2007
Routers are often now multiple devices. It's very common to get a box with a switch and a router together. The switch is the vulnerability.
Speaking of the wireless, an ARP attack is unnecessary to capture data. Nor is connection to the network. That is, if you have access to the first layer of the net stack of the wireless network adapter (i.e. the physical layer).
Spook (Author) Posted June 22, 2007
Ahh I see, so the switch is the target.
So how in the hack5 example do they have it working on a router?
Sparda Posted June 22, 2007
> So how in the hack5 example do they have it working on a router?
As in wireless?
Spook (Author) Posted June 22, 2007
Both, they did it on a wired and a wireless LAN.
Sparda Posted June 22, 2007
In the case of the wired they were attacking a box with a switch and a router combined; they were abusing the switch.
In the case of the wireless all they were doing was having the AP relabel the packets to their computer, thereby bypassing the need to be able to 'see' the packets physically, because as far as the wireless card is concerned the packets are for their computer.
As for attacking a wireless network, this is actually the wrong way to do it; this is a very intrusive method. The correct way is just to have the network card not drop any received packets even if they are labeled to be received by another computer. APs are, effectively, a wireless hub.
Spook (Author) Posted June 22, 2007
I see, so basically a heavy Cisco router is not going to have an exploitable switch built in?
moonlit Posted June 22, 2007
No, basically.
Oh, and it's "Hak.5", no "c". Welcome.
Spook (Author) Posted June 22, 2007
My bad about the Hak :-?
So just to conclude, it's the switch that deals with the ARP table?
Sparda Posted June 22, 2007
> So just to conclude its the switch that deals with the Arp table?
Aye, only switches have ARP tables.
Also, routers drop broadcast packets, which are what is used to poison ARP tables. So, if you try to poison the non-existent ARP table on an ISP router, the router will just (effectively) go "oh, it's a broadcast packet, DELETED" (all routers have an LED on them that has the word "DELETED" next to it, don't you know :P)
Spook (Author) Posted June 22, 2007
OK, I see now.
But you mentioned in the example of Hak.5 the router obviously has a switch built in... great!
However, although it has a poisonable switch, the router is also designed to drop the broadcast packets.
So how are they still able to do this if the broadcast packets are being dropped before they can nest into the switch's ARP table?
Sparda Posted June 22, 2007
> However, although it has a poisonable switch the router is also designed to drop the broadcast packets So how are they still able to do this if the broadcast packets are being dropped before they can nest into the switches Arp table
The router drops the packets, not the switch. When you send a packet to the 'router' (the box that is both a switch and a router) the switch 'sees' all traffic. So if the router does drop a packet, it must have already passed through the switch.
Spook (Author) Posted June 22, 2007
Thank you!
Can you think of any way to achieve the same sort targeting a Cisco router?
Sparda Posted June 22, 2007
> Can you think of anyway to achieve the same sort targetting a Cisco router?
Physical rewire. Or figure out what the su password is and edit the routing tables.
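From the defender's side of the poisoning discussed in this thread, the following added example (not part of the original posts) parses raw Ethernet/ARP frames and flags replies nobody asked for and IP-to-MAC bindings that change. The IPs 192.168.1.1 and 192.168.1.102 are the ones quoted in the thread; the MAC addresses, frames and function names are constructed for illustration.

```python
import struct

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip, target_ip) or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":        # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    dotted = lambda b: ".".join(str(x) for x in b)
    return op, sha.hex(":"), dotted(spa), dotted(tpa)

def detect(frames):
    """Flag unsolicited ARP replies and changes to an already-seen IP-to-MAC binding."""
    bindings, pending, alerts = {}, set(), []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, mac, ip, target = parsed
        if op == 1:                                            # request: remember who asked for whom
            pending.add((ip, target))
        elif op == 2:                                          # reply: was it asked for?
            if (target, ip) in pending:
                pending.discard((target, ip))
            else:
                alerts.append((i, "unsolicited-reply", ip, mac))
        if bindings.setdefault(ip, mac) != mac:                # same IP now claimed by another MAC
            alerts.append((i, "binding-changed", ip, mac))
    return alerts

def build(op, src_mac, src_ip, dst_mac, dst_ip):
    """Construct a 42-byte ARP frame for the sample data below (constructed input, not a capture)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth_dst = mac(dst_mac) if op == 2 else b"\xff" * 6         # requests go to broadcast
    return (eth_dst + mac(src_mac) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip))

HOST, GW, ROGUE = "02:00:00:00:01:02", "02:00:00:00:00:01", "de:ad:be:ef:00:01"  # constructed MACs
SAMPLE = [
    build(1, HOST, "192.168.1.102", "00:00:00:00:00:00", "192.168.1.1"),  # host asks for gateway
    build(2, GW, "192.168.1.1", HOST, "192.168.1.102"),                   # gateway answers
    build(2, ROGUE, "192.168.1.1", HOST, "192.168.1.102"),                # second, unasked claim
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```
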