¿Cómo puedo evitar que mi ruta sea redirigida con la redirección de paquetes ICMP desde un intermediario?
Estoy buscando específicamente evitar que alguien use ettercap
con la opción -M icmp
. Desde man ettercap
:
icmp (MAC/IP)
This attack implements ICMP redirection. It sends a
spoofed icmp redirect message to the hosts in the lan
pretending to be a better route for internet. All connec‐
tions to internet will be redirected to the attacker
which, in turn, will forward them to the real gateway.
The resulting attack is a HALF-DUPLEX mitm. Only the
client is redirected, since the gateway will not accept
redirect messages for a directly connected network. BE
SURE TO NOT USE FILTERS THAT MODIFY THE PAYLOAD LENGTH.
you can use a filter to modify packets, but the length
must be the same since the tcp sequences cannot be
updated in both ways.
You have to pass as argument the MAC and the IP address
of the real gateway for the lan.
Obviously you have to be able to sniff all the traffic.
If you are on a switch you have to use a different mitm
attack such as arp poisoning.