Come impedire il reindirizzamento ICMP prodotto da un man-in-the-middle

4

Come posso impedire il reindirizzamento della mia rotta con il reindirizzamento dei pacchetti ICMP da un man-in-the-middle?

Sto specificatamente cercando di evitare che qualcuno usi ettercap con l'opzione -M icmp . Da man ettercap :

 icmp (MAC/IP)
                     This attack  implements  ICMP  redirection.  It  sends  a
                     spoofed  icmp  redirect  message  to the hosts in the lan
                     pretending to be a better route for internet. All connec‐
                     tions  to  internet  will  be  redirected to the attacker
                     which, in turn, will forward them to  the  real  gateway.
                     The  resulting  attack  is  a  HALF-DUPLEX mitm. Only the
                     client is redirected, since the gateway will  not  accept
                     redirect  messages  for  a directly connected network. BE
                     SURE TO NOT USE FILTERS THAT MODIFY THE  PAYLOAD  LENGTH.
                     you  can  use  a filter to modify packets, but the length
                     must be the  same  since  the  tcp  sequences  cannot  be
                     updated in both ways.
                     You  have  to pass as argument the MAC and the IP address
                     of the real gateway for the lan.
                     Obviously you have to be able to sniff all  the  traffic.
                     If  you  are on a switch you have to use a different mitm
                     attack such as arp poisoning.
    
posta user123456 05.12.2016 - 14:10
fonte

1 risposta

1

Per eliminare IGMP e ICMP:

iptables -A INPUT -p ICMP -j DROP
iptables -A OUTPUT -p ICMP -j DROP

iptables -A INPUT -p IGMP -j DROP
iptables -A OUTPUT -p IGMP -j DROP
    
risposta data 06.12.2016 - 08:50
fonte

Leggi altre domande sui tag