Analysis of a known as any arp firewall test Software-bug warning-the black bar safety net

2008-02-02T00:00:00
ID MYHACK58:62200818320
Type myhack58
Reporter 佚名
Modified 2008-02-02T00:00:00

Description

Skiller in the Ph4nt0m | Google Groups released a known as you can through any arp is a firewall test software. <http://groups.google.com/group/ph4nt0m/browse_thread/thread/62ef34de7d39d14b> Software description: First of all, this is a demo version with the full version the only difference is does not have the traffic detection function, because in the network if there are multiple such things to cause network chaos is inevitable, so the issue will do some limitations. No arp sniffer In arp firewall, a two-way binding environment under effective control the other traffic Completely hidden, through any arp is a firewall. Need. net support, administrator permissions to run. Does not support the wireless card Method of use: Set the NIC, ip,attack strength Manually add or auto-scan the host to the host list Hook on a host, start it. Animation address:<http://www.cncert.net/labs/Skiller.swf> Software download address:<http://www.cncert.net/labs/Skiller.rar> cncert....@gmail.com that cncert....@gmail.com 2008-01-10 Test environment: Several XP SP2 machine, a windows 2 0 0 3 The machine is my machine and, uh, the capture tool: Sniffer Portable 4.7.5 Under test, this test software can indeed break 360AntiARP, etc. all in the client installation of anti-ARP attack on the firewall, behind there will be a specific analysis, you will know why I say so. This test software that the end is directly spoofing the packet to the gateway, here assumed to be A direct spoof the gateway, for want to attack another party, here assumed to be B, it just does not have any action, this will result in the machine B installed on any anti-ARP attack on the firewall, no matter how the underlying filter are no use to anyone. Specifically, if the attacker C to B this way on the ARP attack, at the machine B installed on any anti-ARP attack, the firewall will not have any reflection, although it is still very hard to monitor from the network over data packets, but it is this time still think social is still very Taiping, because it didn't know on the same network there is another very evil guys are attacking its owner, really kill in invisible。。。。 ! /Article/UploadPic/2008-2/20082295445577.jpg From the figure above, as well as some of my test results, I can tell you, it is nothing more than a fake is an attack party B's IP and MAC address to a certain frequency directly to send very small packets to fool the gateway, specific performance: the fake attack party B's IP and MAC address to each investigation 6 0 bytes(with the gateway to the arp broadcast data packet as large as the data directly to the gateway, the transmission frequency is software mentioned on the intensity setting, if you set the intensity is 2 0, then it will automatically be 0. 0 5 seconds the frequency of the automatic transmission 1 8 bytes of UDP data, the content is 0 2 1 0 2 1 0 0 a9 5a c0 0 0 4f e4 5e e8 4b b8 6 5 c3 4 0 0 3 to the gateway, so as to achieve the purpose. Don't know you have not encountered such a situation-the gateway setting is the IP with the MAC binding, an unauthorized person will not be able to access the Internet. But I can tell you one without any tool can also be implemented to deceive the gateway of tips: first, put our machine on the MAC address into the Internet in the MAC address, the easiest way is you can directly ping the IP, ping not does not matter, arp-a you can immediately get to the IP of the MAC address, and then put your IP settings to his IP, like you can, don't worry the system prompts the IP conflict sort of thing. If you follow my method to do it, there will not be a big problem, and this time, even if you machine illegal access of Oh, the illegal access is not paid to the network sector, you can still access the Internet, but if the two of you are online, then there will be stuff, Internet unstable situation, but if there is one offline, that is your world pull, with only one premise: you want to method access the local area network. Finally, the defense bar, I think I really want to be able to Defense is similar to the software of attack, then, only to find a such a gateway--both the IP with the MAC static binding, also can put the MAC address with the physical access port in static binding, or do interface-based VLAN, so that it is the best. But I think such a device now is not very popular。。。。。。 So I hope you don't play with fire, do bad things, we are learning techniques, test dismount on leave..。。。。。。 Supplement: alanshijl@gmail.com referred to the following issues Why use ethereal to catch the package that is the icq of the pack? This packet inside the udp data portion of the fill is what things? Because this tool uses the source port 4 0 0 0, now are generally icq uses port. In addition, I based my test results infer that if in this test the software based on the flow control feature, I think must be with the prior similar to those of p2p Terminator software in the covert aspects of no difference. That is in the testing software on the basis of the added traffic control feature, the client must be aware of, or is stability a super difference. Don't know you how think that is? Attach a piece of the contents of the packet analysis: ! /Article/UploadPic/2008-2/20082295445895.jpg