As I read in many white papers about attacks on Spanning Tree Protocol, I found a MITM attack on two STP switches, one station and two Ethernet NICs.
That attack is in most cases useless because:
- we need physical access to two switches (not one)
- two cards in the station
As two cards are possible, such access to two switches in, for example, one office is almost impossible.
My idea for a modification of this attack needs:
- two stations to attack by MITM (A and B)
- two or more switches running STP
- two attacking stations (C and D) connected to two different switches on the path between the attacked stations
A ---- switch 1 ----- switch 2 ----- B
          |                 |
          |                 |
          C                 D
Take the first scenario:
1. A sends a frame to B
2. Switch 1 accepts the frame and forwards it to switch 2
3. Switch 2 accepts the frame via the link from switch 1 and forwards it to B
Second scenario:
1. Station C and station D start to send frames to break the link between switch 1 and switch 2, and announce a non-existing connection and switch from the C port on switch 1 to the D port on switch 2
A ---- switch 1 --X-- switch 2 ----- B
          |                 |
          |                 |
          C ---no conn---   D
2. Station A sends a frame to B
3. The frame is forwarded to station C
4. Station C stores the frame in memory
5. After equal timing, station C and station D repair the link between switch 1 and 2
6. Station C resends the stored packet to station D (e.g. in a tunnel or encapsulated in an IP packet)
7. Stations C and D break the link between switches 1 and 2
8. Station D sends the transmitted packet to station B
Advantages:
- no need for one station with two links to two switches
- needs two stations, either compromised or not (in a large multi-switch environment with many stations we can sometimes find, for example, two compromised Windows or Linux hosts)
- when we have good timing and a packet detection method, we can separate one protocol connection from the whole traffic
Disadvantages of the method:
- stops the whole traffic between the switches, and needs delicate timing
- when the link between switch 1 and 2 is working we can't see the frames flying across the wire
Additional information:
- timing question, i.e. the retransmission time between TCP frames versus the time to break and repair the link: is it possible to do it before the frame is retransmitted?
Uh, that's all. Please think about whether it is possible, because my programming skills are too low to make it work.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/Baseline_Security/sec_chap7.html#wp1058965
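As an added defender-side example (not from the original post): the repeated breaking and repairing of the inter-switch link that this method relies on shows up on the switches as a burst of spanning-tree topology changes, and the script below flags such a burst in constructed Cisco IOS-style syslog lines; the exact message format, the 60 s window and the threshold of three events are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in Cisco IOS syslog style (not taken from the post).
# Three topology changes within 20 s on switch1 mimic the repeated break/repair
# of the inter-switch link; the single event on switch2 is ordinary background.
SAMPLE_LOG = """\
Mar  1 10:00:01 switch1 %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 10
Mar  1 10:00:09 switch1 %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 10
Mar  1 10:00:18 switch1 %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 10
Mar  1 11:30:00 switch2 %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 10
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%(?P<facility>[A-Z]+)-\d-(?P<mnemonic>[A-Z_]+): (?P<text>.*)$"
)


def parse_line(line, year=2024):
    """Split one syslog line into (timestamp, host, facility, mnemonic, text)."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # IOS pads the day with a space ("Mar  1"); collapse it before parsing.
    stamp = " ".join(m["ts"].split())
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["facility"], m["mnemonic"], m["text"]


def flag_stp_churn(log_text, window_s=60, threshold=3):
    """Return one (host, first_ts, count) alert per host whose spanning-tree
    events reach `threshold` inside any sliding window of `window_s` seconds."""
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] != "SPANTREE":
            continue
        ts, host = rec[0], rec[1]
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and host not in alerted:
            alerts.append((host, q[0], len(q)))
            alerted.add(host)
    return alerts


if __name__ == "__main__":
    for host, first, n in flag_stp_churn(SAMPLE_LOG):
        print(f"{host}: {n} STP topology changes within 60 s starting {first}")
```

The preventive control on Cisco IOS is BPDU Guard on access ports (`spanning-tree bpduguard enable`), so BPDUs arriving from a station shut the port down instead of changing the topology.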