ARP Spamming with Arduino

Will this work on an enterprise-level network? And how easily can they detect the source and the port it's coming from?

youtube.com/watch?v=fUip01vPioA&t


>will it work
no
>how easy can they detect
very

well it does work on my network at home but I'm guessing most large networks have some sort of protection against it

Also the MAC address it has is not real

It's called Dynamic ARP Inspection and DHCP snooping
Also, edge ports are usually limited to 1 or 2 learnt MACs (PC or VoIP phone and PC)
Excessive MAC moves are usually also monitored
If they use Private VLANs it won't affect any others
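
Added example, not part of any post in this thread: a Python sketch of the checks listed above, validating ARP sender fields against a DHCP-snooping style binding table (what Dynamic ARP Inspection does on untrusted ports) plus a per-port learnt-MAC limit. The addresses, port names, `build_arp` helper and `FRAMES` sample are constructed for illustration and are not any vendor's implementation.

```python
import struct

# Constructed binding table, as DHCP snooping would learn it: IP -> (MAC, port).
BINDINGS = {
    "10.0.0.1": ("aa:aa:aa:00:00:01", "Gi0/24"),   # gateway
    "10.0.0.10": ("aa:aa:aa:00:00:10", "Gi0/1"),
    "10.0.0.11": ("aa:aa:aa:00:00:11", "Gi0/2"),
}
TRUSTED_PORTS = {"Gi0/24"}   # uplink: ARP arriving here is not inspected
MAX_MACS_PER_PORT = 2        # e.g. a PC behind a VoIP phone
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA

def build_arp(op, sha, spa):
    """Build a 28-byte ARP payload; used only to construct the offline sample."""
    mac = bytes.fromhex(sha.replace(":", ""))
    ip = bytes(int(o) for o in spa.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac, ip, bytes(6), bytes(4))

def parse_arp(payload):
    """Return (opcode, sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), ".".join(map(str, spa))

def inspect(frames):
    """Return one verdict per (port, payload) pair, in order."""
    seen, verdicts = {}, []
    for port, payload in frames:
        _, sha, spa = parse_arp(payload)
        if port in TRUSTED_PORTS:
            verdicts.append("permit")
            continue
        macs = seen.setdefault(port, set())
        macs.add(sha)
        if len(macs) > MAX_MACS_PER_PORT:
            verdicts.append("drop: MAC limit exceeded")
        elif BINDINGS.get(spa) != (sha, port):
            verdicts.append("drop: binding mismatch")
        else:
            verdicts.append("permit")
    return verdicts

# Constructed sample: one honest host, one host claiming the gateway's IP,
# the real gateway on the uplink, then unknown MACs appearing on one edge port.
FRAMES = [
    ("Gi0/1", build_arp(2, "aa:aa:aa:00:00:10", "10.0.0.10")),
    ("Gi0/2", build_arp(2, "aa:aa:aa:00:00:11", "10.0.0.1")),
    ("Gi0/24", build_arp(2, "aa:aa:aa:00:00:01", "10.0.0.1")),
    ("Gi0/2", build_arp(1, "de:ad:00:00:00:01", "10.0.0.11")),
    ("Gi0/2", build_arp(1, "de:ad:00:00:00:02", "10.0.0.11")),
]
```
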

user is right, but most enterprises aren't configured properly so there is a chance it will work. that being said, it's massively faggotish of you to want to do that to a network.

newbie here
do what? is ARP spamming some kind of DDoS attack?

depends on if it's targeted or not. you can try to MITM traffic using ARP flooding, but if you are broadcasting ARP for everything then yes, you could create a DoS scenario.

wait, MITM with ARP flooding? how? it pretends to be one of the receivers?
a few months ago I was wondering if I could do a MITM attack on the company I was working for (big retail store with a bunch of retard leaders)
the network was so fucked up to begin with that they couldn't notice it at all, I had a direct line to the main router, however for some ungodly reason they had 7 IPS subscriptions, all of them to the same fucking company, and gave up about there

yes, you flood the target with ARPs saying you are the gateway, and then tell the switch you are the host you are trying to MITM. run tcpdump and extract what you want from it. encrypted connections are still encrypted, but there is something out there that can proxy that kind of stuff.

>wait, MITM with ARP flooding
"ARP poisoning" is when you advertise your hardware address for an IP address that another device is trying to connect to. When the other device sees that your hardware address is the device they're trying to talk to, it will send you traffic instead. That lets you gather packets intended for another device.

in MITM the original receiver still gets the message from the host, right? shouldn't ARP flooding clog up the whole network after a few packets? or does the host not even care that he just gets duplicate responses all the time?

what is BPDU Guard

>in MITM the original receiver still gets the message from the host right
You can redirect traffic with ARP poisoning, so you could have a device send you traffic, read it/modify it, send it to the originally intended device, get the response, read it/modify it, and send it back. It's a way to do a MITM on a layer 2 network without having your device physically "between" 2 devices.

damn...
lost the touch since Cisco courses
recommended places to get back on the horse?

Will iptables block this? For example, I have UFW enabled on all my local machines, and when I ping a local address, I get "Host unreachable", and arp shows the "HWaddress" column for the address as "(incomplete)".

Shit, I have no idea. I'm still trying to get into Metasploit but I've actually been busy with projects at work so I don't have time for it. I bought a book from the library for a buck when they were trying to get rid of old books and it was a pretty easy read, it was good for an overview on various exploitation techniques.
Metasploit is kind of skid-tier, but it's great for learning if you actually dig into the exploits and learn how they work.

>Will iptables block this
Not really. If you want to stop it your only real options are managed switches with security against it, or adding static ARP entries to stop ARP spoofing. Even with static ARP entries you'd still need a managed switch with security to stop a device from pretending to have another device's MAC address and causing havoc, but you'll be able to force IP to MAC from getting fucked up.

>all of this thread
>no fucking dot1x
Sure smells like summer in here

>smells like summer
you do know that this line is mostly used by those who are not even 1 year on the site but feel like they're oldfags, do you?

Also, if you're going to try using Metasploit/other exploit tools to try to learn hands-on, you'll probably want to set up a lab for it. I bought pic related off eBay for 100 bucks (+40 dollars shipping) and it can handle a very feature-filled test lab. The only downside is it's about 150 watts, so if you spend more you can get something better that's less power hungry.

Brainlet here, can someone explain?

en.wikipedia.org/wiki/IEEE_802.1X

Certificate or password authentication when you connect to a switch.

We just rolled out Cisco ISE at work. That shit ain't happening on my LAN.

It puts the auth(entic|oriz)ation in the ethernet

isn't Cisco the one that had a security vulnerability so severe that about 25000 companies' networks got totally exposed last year or so?

Uh, every single vendor has vulnerabilities. Not sure which specific vuln you're talking about. Source?

>Cisco
Or as I have taken to calling it, NSA plus Cisco

can't find the exact but it was all over the internet for how epic of a flaw it was
maybe this, but not sure
threatpost.com/cisco-netgear-readying-patches-for-samba-vulnerability/125974/

>threatpost.com/cisco-netgear-readying-patches-for-samba-vulnerability/125974/
That's Samba though. There was something with the Cisco default config that let people log into the switches (pretty fucking severe), but that only affected retarded companies (most of them) that didn't change the default passwords.

Also tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
There was also stuff for it in one of the recent Vault7 releases.

Ya, that's gotta be for really dumb engineers. That's obviously best practice to change default, or better yet use TACACS.

Not him, but Cisco was in bed with the NSA for years. They claim they broke up though, for anything it's worth.

Sore much?

I've been here for the past 10 years, my feathers are perfectly calm, these swats ain't shit

And I am moot desu

really? how does it feel losing the site you appleserver using faggot?