Come posso impedire il reindirizzamento della mia rotta con il reindirizzamento dei pacchetti ICMP da un man-in-the-middle?
Sto specificatamente cercando di evitare che qualcuno usi ettercap
con l'opzione -M icmp
. Da man ettercap
:
icmp (MAC/IP)
This attack implements ICMP redirection. It sends a
spoofed icmp redirect message to the hosts in the lan
pretending to be a better route for internet. All connec‐
tions to internet will be redirected to the attacker
which, in turn, will forward them to the real gateway.
The resulting attack is a HALF-DUPLEX mitm. Only the
client is redirected, since the gateway will not accept
redirect messages for a directly connected network. BE
SURE TO NOT USE FILTERS THAT MODIFY THE PAYLOAD LENGTH.
you can use a filter to modify packets, but the length
must be the same since the tcp sequences cannot be
updated in both ways.
You have to pass as argument the MAC and the IP address
of the real gateway for the lan.
Obviously you have to be able to sniff all the traffic.
If you are on a switch you have to use a different mitm
attack such as arp poisoning.