
networking – Abnormal ARP spoofing behaviour - what can I do?


Firstly, I am unsure as to whether this question is on-topic here, or whether it is more suited to SuperUser.


Being a security researcher, I have been attempting to secure my wireless LAN against ARP spoofing, by successfully ARP spoofing in the first place.

I can, and have, obtained a successful wireless ARP spoof around the victim device, acting as a MiTM between it and the real gateway AP. But the problem is that the victim also communicates with the legitimate gateway at the same time, and not solely through me.

A Wireshark reconnaissance setup on the victim revealed this.

To catch you up to speed:

  • The victim has a sole network card that, running on Windows, is just in normal managed mode.

  • I am just performing a standard ARP spoofing attack, through a wireless network card, on Linux.

  • In the victim’s, and my (attacker) ARP table, spoofing is apparent.

  • But the gateway is also visible as another primary address.

  • The victim doesn’t swap between me and the legit gateway, it communicates with us both at the same time.

  • The packet count is around “50/50” between us, inbound and outbound to the victim (e.g. when a network request/response is made).

  • Before you ask, packet forwarding is enabled on my attacker machine.

I can’t deauth (sending deauth packets to) the victim, because it would also deauth me (the attacker).

Of course, because the victim device is mine and only a dummy, I could configure it to only communicate with me (the attacker), but that isn’t realistic and would defeat the whole purpose.

My question: What else can I try, from an attacker’s point of view? (E.g. changing settings on the victim isn’t an option.)

Is more information needed?
