LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page arpspoof scenario does not work
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-23-2016, 10:02 AM   #1
Barade
LQ Newbie
 
Registered: Sep 2016
Posts: 1

Rep: Reputation: Disabled
arpspoof scenario does not work

Hello guys,

I have setup the following scenario:
Two virtual machines with Kali Linux:
- The attacker
- The victim

The attacker sends ARP packages with arpspoof to the victim indicating that it is another third node (another IPv4 address) which does not actually exist.

Using arp to list all entries in the cache on the victim's machine shows that it knows now the third node with the MAC address of the attacker (which is what I wanted to achieve). But unfortunately it also knows the attacker with the same MAC address but another IP.

pinging the attacker works, pinging the third node does not work (although it should redirected to the attacker now). Probably because I have two nodes with the same MAC address. Maybe it does not work since the node does not actually exist? But the victim should be redirected to the attacker node?

I tried to prevent sending regular ARP replies from the attacker with its actual IP address using arptables but as soon as I called arpspoof from the attacker the victim also knew that the attacker with its actual IP address has the same MAC address.

How can I setup the scenario that the attacker with its actual IP address is not seen by the victim? Do I have to disable the interface of the attacker or the IP address? Might this be the problem or do I have to add a realy third virtual machine which is the actual target? The scenario should demonstrate a simple ARP spoofing attack but with minimal effort, so I thought two nodes would be enough.
 
Old 10-15-2016, 02:26 AM   #2
end
Member
 
Registered: Aug 2016
Posts: 266

Rep: Reputation: Disabled
Quote:
Probably because I have two nodes with the same MAC address
probably change mac addres with macchanger and see whats happening. at least you eliminate one probability.

macchanger -m b2:aa:0e:56:ed:f7 eth0
Last edited by end; 10-15-2016 at 02:30 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: TuxCut - A Tool To Protect Linux Against arpspoof Attacks LXer Syndicated Linux News 0 09-12-2016 11:51 AM
arpspoof hangs ballsystemlord Linux - Software 1 05-30-2015 08:45 AM
Will this MX failover scenario work for me? manya Linux - General 3 06-07-2012 03:44 AM
Understanding how iptables (+arpspoof) works in a "soft" mitm attack Showtime Linux - Networking 2 05-05-2012 06:13 PM
ettercap vs. arpspoof kirmet Linux - Networking 0 11-03-2005 08:51 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:44 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration