En okuthunyelwe kwami kokugcina mayelana ne-ArpSpoofing abaningana babephoxekile, abanye bashintshe nephasiwedi ye-Wi-Fi ne-imeyili.
Kepha nginesixazululo esingcono kakhulu kuwe. Kuyinto isicelo esikuvumela ukuthi uvimbele lolu hlobo lokuhlaselwa etafuleni le-ARP,
Ngikwethulela i-ArpON.
Lolu hlelo lukuvumela ukuthi uphazamise ukuhlaselwa kohlobo I-MTIM Ngo I-ARPSpoofing. Uma ufuna ukuyilanda:
Ukuyifaka ivuliwe Debian kufanele usebenzise kuphela:
apt-get install arpon
Sebenzisa ama-algorithms alandelayo:
- ISARPI - Ukuhlolwa kwe-Static ARP: Amanethiwekhi angenayo i-DHCP. Isebenzisa uhlu lwe-static lokufakiwe futhi ayikuvumeli ukulungiswa.
- DARPI - Ukuhlolwa kwe-Dynamic ARP: Amanethiwekhi ane-DHCP. Ilawula izicelo ezingenayo nezingenayo ze-ARP, ilondoloze lezo eziphumayo bese ibeka isikhathi sokuvala sempendulo engenayo.
- UHARPI - Ukuhlolwa kwe-Hybrid ARP: Amanethiwekhi ane-DHCP noma engenayo. Sebenzisa izinhlu ezimbili ngasikhathi sinye.
Ngemuva kokuyifaka, ukucushwa kulula kakhulu.
Sihlela ifayela ( / etc / default / arpon )
nano /etc/default/arpon
Lapho sihlela okulandelayo:
Inketho ebeka (RUN = »cha») Sibeka (RUN = »yebo»)
Ngemuva kwalokho uqaqa umugqa othi (DAEMON_OPTS = »- q -f /var/log/arpon/arpon.log -g -s» )
Ukuhlala okuthile okufana nalokhu:
# Defaults for arpon initscript
sourced by /etc/init.d/arpon
installed at /etc/default/arpon by the maintainer scripts
You must choose between static ARP inspection (SARPI) and
dynamic ARP inspection (DARPI)
#
For SARPI uncomment the following line (please edit also /etc/arpon.sarpi)
DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -s"
For DARPI uncomment the following line
DAEMON_OPTS="-q -f /var/log/arpon/arpon.log -g -d"
Modify to RUN="yes" when you are ready
RUN="yes"
Futhi uqala kabusha insiza:
sudo /etc/init.d/arpon restart
Kuyathakazelisa, kepha bengizothanda uma unganweba kancane ukusho ukuthi lolu hlelo lusebenza kanjani, ukuthi lukuvimbela kanjani ukuhlaselwa. Siyabonga ngokwabelana. Ukubingelela okuvela eVenezuela.
Ngiyasixhasa isiphakamiso.
Ngisekela ukwesekwa »
Ngisekela ukwesekwa.
hahaha, ngiyakweseka !!!
Ngiyethemba akekho omunye oza !!
XD
Kuhle kakhulu
Uma inethiwekhi yami iyi-DHCP, kufanele ngiyekise umugqa we-DARPI?
Enye into ukuthi uma i-PC yami ihamba kancane, ingabe yehlisa ijubane uma ngisebenzisa lolu hlelo?
I-gracias
Yebo no cha. Ngisebenzisa ukuxhumana kwe-Wi-Fi, akukho lutho olungithintayo.
Ngiyabonga, ngakho-ke ungasebenzisi izinsiza ezingeziwe.
Kuhle kakhulu, ukukhuluma iqiniso.
Kuhle kakhulu. Ukuchaza ukuthi lezi zinto zisebenza kanjani kunzima kakhulu ukungena okukodwa ... Nginayo eyisisekelo esalinde i-ettercap, ake sibheke ukuthi ngabe ngiyangena yini
Umbuzo, ngine-router yami ye-Wi-Fi ene-password ye-wps, kuzothatha inkathazo engaka?
Iphasiwedi ye-Wps? I-wps ayisihlanganisi, kumane kuyindlela elula yokungena ngaphandle kwamaphasiwedi. Eqinisweni kusengozini impela.
Ngincoma ukukhubaza i-wps yomzila wakho.
Ngabe akulula umyalo arp -s ip mac we-router?
Yebo, kunjalo futhi uma usebenzisa i- "arp -a" bese uhlola i-MAC lapho ungena ngemvume ...
Okumangazayo ukuthi ixhunywe ku-Gmail esifundweni se-Spoofing nge-protocol ye-http… Siyakwamukela emhlabeni ophephile, i-SSL isungulwe kuhlelo lwekhasi lewebhu!
..khona-ke kunamakhasi afana neTuenti okuthi uma ungena ngemvume, bakuthumele imininingwane nge-http noma ngabe ufinyelela nge-https, kepha bakhethekile ... xD
Ngilungise uma nginephutha kepha angicabangi ukuthi kunesidingo sokufaka isoftware ekhethekile ukuvikela lolu hlobo lokuhlaselwa. Kwanele ukuhlola isitifiketi sedijithali seseva esihlose ukuxhuma kuso.
Ngalokhu kuhlaselwa, ikhompyutha ye-MIM (indoda phakathi) ezenza iseva yoqobo ayinalo ikhono lokuzenza isitifiketi sayo sedijithali futhi lokho ekwenzayo ukuguqula ukuxhumana okuphephile (https) kube okungaphephile (http). Noma tshala isithonjana esizama ukubukeka silingise lokho isiphequluli sethu esingasikhombisa khona ngokuxhumana okuphephile.
Ngathi: ngilungise uma nginephutha, kepha uma umsebenzisi anaka kancane isitifiketi, singathola lolu hlobo lokuhlaselwa.
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html
Okwamanje ngikwenza ezingeni le-iptables, lo ngomunye wemithetho enginayo ku-firewall yami.
Lapho i- $ RED_EXT, isikhombimsebenzisi lapho ikhompiyutha ixhunywe ku-inthanethi eh $ IP_EXTER, ikheli le-IP lapho okokuvikela kufanele kube nakho.
# I-anti-spoofing (ukukhishwa komthombo ip ip)
ama-iptables -I-INPUT -i $ RED_EXT -s $ IP_EXTER -m ukuphawula –ukubeka amazwana "i-Anti-MIM" -j DROP
iptables -I-INPUT -i $ RED_EXT -s 10.0.0.0/24 -m ukuphawula -ukubeka amazwana "i-Anti-MIM" -j DROP
iptables -I-INPUT -i $ RED_EXT -s 172.16.0.0/12 -m ukuphawula -ukubeka amazwana "i-Anti-MIM" -j DROP
iptables -A INPUT -i $ RED_EXT -s 192.168.0.0/24 -m ukuphawula -ukubeka amazwana "i-Anti-MIM" -j DROP
iptables -I-INPUT -i $ RED_EXT -s 224.0.0.0/8 -j DROP
iptables -I-INPUT -i $ RED_EXT -d 127.0.0.0/8 -j DROP
iptables -A INPUT -i $ RED_EXT -d 255.255.255.255 -j DROP
Phendula ngokucaphuna
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html
Eshu umuntu angasusa la mazwana athunyelwe i-xD ngokungeyona
Mnikelo omuhle othandekayo, kepha nginombuzo wakamuva ngithemba ukuthi ungawuphendula:
Ngiphethe iseva ye-ipcop 2, ngakho-ke bengizothanda ukulawula amatafula adumile e-arp kepha iseva ayinakho lokhu kulawula (njengoba kwenza i-mikrotik), ngamagama ambalwa engingathanda ukwazi ukuthi ngingakwazi ukufaka Ukwazi inzuzo kukusiza ngoba ngingena ku-linux nezinzuzo zayo ... ngiyethemba ungangiphendula, ngiyabonga nemikhonzo ...
Iqiniso ukuthi angikaze ngizame i-ipcop2. Kepha ngenxa yokusekelwa kweLinux, ngicabanga ukuthi kufanele ngikwazi ukuphatha ama-iptable ngandlela thile ukuze ngingalivumeli lolu hlobo lokuhlaselwa.
Noma ungangeza i-IDS efana ne-Snort ukukuxwayisa kulokhu kuhlaselwa.
(Impendulo ngiyithumele kathathu ngoba angiboni okuvelayo ekhasini, uma ngabe nginephutha ngiyaxolisa ngoba angazi)
Isifundo esihle, kepha ngithola lokhu:
sudo /etc/init.d/arpon qala kabusha
[….] Ukuqalisa kabusha i-arpon (nge-systemctl): arpon.serviceJob ye-arpon.service yehlulekile ngoba inqubo yokulawula iphume ngekhodi lephutha. Bona i- "systemctl status arpon.service" ne- "journalctl -xe" ngemininingwane.
yehlulekile!