Cómo prevenir la redirección de ICMP producida por un hombre en el medio

4

¿Cómo puedo evitar que mi ruta sea redirigida con la redirección de paquetes ICMP desde un intermediario?

Estoy buscando específicamente evitar que alguien use ettercap con la opción -M icmp . Desde man ettercap :

 icmp (MAC/IP)
                     This attack  implements  ICMP  redirection.  It  sends  a
                     spoofed  icmp  redirect  message  to the hosts in the lan
                     pretending to be a better route for internet. All connec‐
                     tions  to  internet  will  be  redirected to the attacker
                     which, in turn, will forward them to  the  real  gateway.
                     The  resulting  attack  is  a  HALF-DUPLEX mitm. Only the
                     client is redirected, since the gateway will  not  accept
                     redirect  messages  for  a directly connected network. BE
                     SURE TO NOT USE FILTERS THAT MODIFY THE  PAYLOAD  LENGTH.
                     you  can  use  a filter to modify packets, but the length
                     must be the  same  since  the  tcp  sequences  cannot  be
                     updated in both ways.
                     You  have  to pass as argument the MAC and the IP address
                     of the real gateway for the lan.
                     Obviously you have to be able to sniff all  the  traffic.
                     If  you  are on a switch you have to use a different mitm
                     attack such as arp poisoning.
    
pregunta user123456 05.12.2016 - 14:10
fuente

1 respuesta

1

Para eliminar IGMP e ICMP:

iptables -A INPUT -p ICMP -j DROP
iptables -A OUTPUT -p ICMP -j DROP

iptables -A INPUT -p IGMP -j DROP
iptables -A OUTPUT -p IGMP -j DROP
    
respondido por el user123456 06.12.2016 - 08:50
fuente

Lea otras preguntas en las etiquetas