La víctima pierde la conexión a Internet durante el ataque MITM

0

Intenté realizar un ataque MITM en mi red. Activé ettercap , marcé mi enrutador como TARGET1 y mi segunda computadora como TARGET2. Entonces habilité 'ARP Spoofing'. No sé por qué, pero después de esta operación mi víctima perdió la conexión a Internet. No veo nada en urlsnarf . Parece que ambos lados de mi plan se conocen, hay algunos problemas: a continuación, publico los resultados de la captura de Wireshark.

Mi pregunta es? ¿Qué hago mal? ¿Qué debo mejorar para hacer un buen ataque MITM? Para este ataque utilicé una tarjeta Wi-Fi externa, también tengo una interfaz más integrada (estaba conectada a la misma red). He habilitado el reenvío de ipv4 ( cat /proc/sys/net/ipv4/ip_forward == 1).

Resultados de la captura de Wireshark:

   No.     Time           Source                Destination           Protocol Length Info
      9 0.582284000    Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 9: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
     10 0.582393000    Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 10: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 9)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 9)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    118 10.582643000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 118: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    119 10.582701000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 119: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 118)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 118)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    140 20.582933000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 140: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    141 20.582995000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 141: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 140)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 140)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    171 30.583194000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 171: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    172 30.583261000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 172: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 171)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 171)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    185 40.583479000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 185: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    186 40.583543000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 186: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 185)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 185)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    330 50.583765000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 330: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    331 50.583831000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 331: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 330)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 330)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
    333 51.601767000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     Who has 192.168.0.1?  Tell 192.168.0.101

Frame 333: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (request)

No.     Time           Source                Destination           Protocol Length Info
    334 51.602934000   Tp-LinkT_8c:13:50     Tp-LinkT_21:e9:30     ARP      42     192.168.0.1 is at [ROUTER MAC]

Frame 334: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_8c:13:50 ([ROUTER MAC]), Dst: Tp-LinkT_21:e9:30 ([ATTACKER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1728 60.584062000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1728: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1729 60.584131000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1729: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1728)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1728)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1849 70.584400000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1849: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1850 70.584480000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1850: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1849)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1849)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1896 80.584691000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1896: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1897 80.584765000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1897: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1896)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1896)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1932 90.584985000   Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1932: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1933 90.585049000   Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1933: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1932)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1932)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1946 100.585252000  Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1946: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1947 100.585312000  Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1947: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1946)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1946)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1992 110.585539000  Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 1992: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   1993 110.585597000  Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 1993: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 1992)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 1992)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   2054 120.585783000  Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     192.168.0.100 is at [ATTACKER MAC]

Frame 2054: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   2055 120.585833000  Tp-LinkT_21:e9:30     AsustekC_a7:27:9a     ARP      42     192.168.0.1 is at [ATTACKER MAC] (duplicate use of 192.168.0.100 detected!)

Frame 2055: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: AsustekC_a7:27:9a ([VICTIM MAC])
[Duplicate IP address detected for 192.168.0.1 ([ATTACKER MAC]) - also in use by [ROUTER MAC] (frame 2054)]
[Duplicate IP address detected for 192.168.0.100 ([VICTIM MAC]) - also in use by [ATTACKER MAC] (frame 2054)]
Address Resolution Protocol (reply)

No.     Time           Source                Destination           Protocol Length Info
   2061 124.609742000  Tp-LinkT_21:e9:30     Tp-LinkT_8c:13:50     ARP      42     Who has 192.168.0.1?  Tell 192.168.0.101

Frame 2061: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_21:e9:30 ([ATTACKER MAC]), Dst: Tp-LinkT_8c:13:50 ([ROUTER MAC])
Address Resolution Protocol (request)

No.     Time           Source                Destination           Protocol Length Info
   2062 124.610917000  Tp-LinkT_8c:13:50     Tp-LinkT_21:e9:30     ARP      42     192.168.0.1 is at [ROUTER MAC]

Frame 2062: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Tp-LinkT_8c:13:50 ([ROUTER MAC]), Dst: Tp-LinkT_21:e9:30 ([ATTACKER MAC])
Address Resolution Protocol (reply)
    
pregunta TN888 22.11.2014 - 22:37
fuente

2 respuestas

3

Probablemente no esté enrutando su tráfico a la puerta de enlace.

Le dijo a la víctima que usted es la puerta de enlace y le dijo a la puerta de enlace que es la víctima, pero cuando la víctima intenta enviarle tráfico, no ha configurado su computadora para reenviar su tráfico a la puerta de enlace. >

Puedes lograr esto con iptables.

    
respondido por el returneax 01.10.2016 - 01:39
fuente
0

Debe asegurarse de que el tráfico fluya a través de su máquina. Para la puerta de enlace y la computadora, USTEDES son, respectivamente, la computadora o la puerta de enlace. Probablemente esté bloqueando todo el tráfico ahora al de, por lo que la computadora está perdiendo su conexión a Internet. No su LAN.

Soluciona esto en tu firewall, proxy. En Linux, iptables hará el trabajo. Una simple búsqueda en Google le dará la configuración correcta.

    
respondido por el Adam Sitemap 01.10.2016 - 13:18
fuente

Lea otras preguntas en las etiquetas