Saturday, June 30, 2012

HOWTO : Protect you from being ARP spoofing

Updated on Dec 4, 2014.

ARP spoofing is a kind of Man-in-the-Middle (MiTM) attack and it affects the machines in the subnet.

Who will affected? Almost all. Free wifi connection even it is encrypted by WPA/WPA2. Your local network. The machines inside a subnet.

How about using SSL and SSH as well as VPNs? No, those cannot protect you from being attacked by ARP spoofing. Even a switch cannot protect you from being attacked. Please refer to this presentation.

ARP security often ignored and nobody cares about lower layer security nowadays. ARP attacks are real threat with high impact.

How can I protect myself from being attacked? Yes, you can. The following tools will alert you when the attack is taking place.

If you are Linux users, you can use ArpON. If you are Windows users, you can use XARP - Advanced ARP Spoofing Detection.

For Ubuntu or Debian users, you can install it by the instruction at ArpON on Kali Linux 1.0.9a.

If you are Mac OS X users, you can use ARP Guard. ArpON on Mac OS X Yosemite 10.10.1

If you are Android users, you can use WiFi ARP Guard.

ArpON for Linux can protect you from the attacks and the others are just alert you for the attacks only. In addition, ARP Guard costs money while the others are free of charge.

Or, if you do not want to install the captioned software and your router can set static ARP, do it and your subnet is protected upon set.

Please note that ARP Guard for Mac OS does not do the job well. It cannot detect any ARP spoofing when I test it on Mac OS X 10.10.1.

There is another way to protect your from ARP spoofing attack if you are a Linux user and do not want to install the captioned software. You can follow the instructions in the following video which was created by xiedi01 :



Want to see a demo how ARP spoofing works? Yes, the demo is by Hak5 and it starts at 07:24 for the first demo.





The following demo is conducted under Back|Track 5 R2 by MasterButcher68.



There are some tools that make this attack automatically and the attackers requires no skill to do so. Even a script kiddies can handle it. The following is one of the tools, namely YAMAS - Yet Another Man in The Middle Automation Script.



That's all! See you.

Tuesday, June 19, 2012

HOWTO : BackTrack 5 R2 on Intel X79 Express and nVidia display cards (The better way)

Uninstall the manual installed driver

Previous HOWTO is here.

If you followed the previous HOWTO to install the nVidia driver, you can uninstall it by the following command :

./NVIDIA-Linux-x86-295.20.run --uninstall

The better way to install nVidia driver

Step 1 :

add-apt-repository ppa:ubuntu-x-swat/x-updates

apt-get update
apt-get install nvidia-current nvidia-current-modaliases nvidia-settings

Step 2 :

Reboot your system.

After reboot, you issue the following command :

nvidia-xconfig
splash-fix

Then, reboot your system again.

If you install the nVidia driver this way, you are not required to reinstall the driver after the kernel is updated.

You can follow the other parts of tutorial in the previous HOWTO for sample code of CUDA and Pyrit.

That's all! See you.

Wednesday, June 06, 2012

HOWTO : VPN (PPTP) on BackTrack 5 R2

Step 1 :

apt-get update
apt-get dist-upgrade


apt-get install network-manager-gnome network-manager-pptp

Step 2 :

cp /etc/network/interfaces /etc/network/interfaces.bak

nano /etc/network/interfaces

Delete all entries but left the first two lines behind.

auto lo
iface lo inet loopback


Step 3 :

service network-manager start

Step 4 :

System >> Startup Applications >> Network Manager

Append "&" on the end of the Command. It will be looked like this :

nm-applet --sm-disable &

Make sure Start dhclient is enabled in the menu of Startup Applications.

Reboot the system and then configure your VPN (PPTP) as usual.

Make sure Advanced >> Use Point-to-Point encryption (MPPE) is enabled in the Configuration of PPTP.

That's all! See you.