Il vittima perde la connessione a Internet durante l'attacco MITM

0

Ho provato a fare un attacco MITM sulla mia rete. Ho attivato ettercap , ho contrassegnato il mio router come TARGET1 e il mio secondo computer come TARGET2. Quindi ho attivato 'ARP Spoofing'. Non so perché - ma dopo questa operazione la mia vittima ha perso la connessione a Internet. Non vedo nulla in urlsnarf . Sembra che entrambi i lati del mio piano si siano resi conto di alcuni problemi: di seguito pubblichiamo i risultati della cattura di Wireshark.

La mia domanda è? Cosa faccio di sbagliato? Cosa dovrei migliorare per fare un buon attacco MITM. A questo attacco ho usato una scheda Wi-Fi esterna, ne ho anche un'altra, integrata, (era connessa alla stessa rete). Ho abilitato l'inoltro ipv4 ( cat /proc/sys/net/ipv4/ip_forward == 1).

Risultati della cattura di Wireshark:

   No.     Time           Source                Destination           Protocol Length Info
      9 0.582284000    Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 9: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
     10 0.582393000    Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 10: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 9)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 9)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    118 10.582643000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 118: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    119 10.582701000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 119: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 118)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 118)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    140 20.582933000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 140: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    141 20.582995000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 141: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 140)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 140)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    171 30.583194000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 171: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    172 30.583261000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 172: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 171)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 171)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    185 40.583479000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 185: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    186 40.583543000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 186: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 185)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 185)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    330 50.583765000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 330: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    331 50.583831000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 331: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 330)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 330)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    333 51.601767000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     Who has 192.168.0.1?  Tell 192.168.0.101

Frame 333: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (request)

No.     Time           Source                Destination           Protocol Length Info
    334 51.602934000   Tp-LinkT_8c:13:50     Tp-LinkT_21:e9:30     ARP      42     192.168.0.1 is at [ROUTER MAC]

Frame 334: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_8c:13:50 ([ROUTER MAC]), Dst: Tp-LinkT_21:e9:30 ([ATTACKER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1728 60.584062000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1728: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1729 60.584131000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1729: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1728)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1728)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1849 70.584400000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1849: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1850 70.584480000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1850: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1849)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1849)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1896 80.584691000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1896: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1897 80.584765000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1897: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1896)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1896)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1932 90.584985000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1932: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1933 90.585049000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1933: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1932)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1932)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1946 100.585252000  Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1946: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1947 100.585312000  Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1947: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1946)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1946)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1992 110.585539000  Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1992: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1993 110.585597000  Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1993: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1992)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1992)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   2054 120.585783000  Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 2054: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   2055 120.585833000  Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 2055: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 2054)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 2054)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   2061 124.609742000  Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     Who has 192.168.0.1?  Tell 192.168.0.101

Frame 2061: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (request)

No.     Time           Source                Destination           Protocol Length Info
   2062 124.610917000  Tp-LinkT_8c:13:50     Tp-LinkT_21:e9:30     ARP      42     192.168.0.1 is at [ROUTER MAC]

Frame 2062: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_8c:13:50 ([ROUTER MAC]), Dst: Tp-LinkT_21:e9:30 ([ATTACKER MAC])
Address Resolution Protocol (reply)
    
posta TN888 22.11.2014 - 22:37
fonte

2 risposte

3

Probabilmente non stai indirizzando il traffico al gateway.

Hai detto alla vittima che sei il gateway e hai detto al gateway che sei la vittima, ma quando la vittima prova a inviare traffico non hai configurato il tuo computer per inoltrare il traffico al gateway.

Puoi farlo con iptables.

    
risposta data 01.10.2016 - 01:39
fonte
0

Devi assicurarti che il traffico scorra attraverso la tua macchina. Per il gateway e il computer, sei, rispettivamente, il computer o il gateway. Probabilmente stai bloccando tutto il traffico ora a quello di così è per questo che il computer sta perdendo la sua connessione Internet. Non la sua LAN.

Risolvi il problema nel tuo firewall, proxy. Su Linux iptables farà il suo lavoro. Una semplice ricerca su Google ti darà la configurazione giusta.

    
risposta data 01.10.2016 - 13:18
fonte

Leggi altre domande sui tag