EvilFOCA ? Network Attack Toolkit
ACK injection consists of an attacker monitoring a DHCP conversation between the DHCP server and a potential network node, and at some point during the conversation, sending a packet to interfere with the conversation. By controlling the DHCP process, the attacker controls the association between the IP address and MAC address of the sheep device - an alternative attack to ARP Poisoning with the same end.
EvilFOCA – Network Attack Toolkit
DNS Hijacking consists in modifying the way the sheep's DNS system works. This can be achieved at multiple levels (e.g., at the system level, by breaking into and modifying the client's system to permanently point to a pirate DNS server; or at the network level, by conducting a MITM attack on DNS requests.) By poisoning routes, the attacker receives the sheep's DNS requests and can respond to specific DNS requests from the sheep to a destination of the attacker's choosing.
A DNS denial of service can be achieved by blocking the DNS channel, and removing the ability of the sheep's system to resolve network and web requests. By funneling some or all of the sheep's DNS requests into this black hole, the attacker can successfully create a denial of service of network resources for the sheep.
In this attack, an attacker wishes to create a denial of service for a sheep. The attacker will overwhelm the sheep's network card with traffic, so that it can't possibly continue to function normally. The attacker does so by spoofing a large number of DNS queries that look like they come from the sheep's machine, that ask "What is the IP address of google.com?" When this packet reaches a DNS server, it will respond with a packet that says "The IP address is A.B.C.D". By spoofing a large number of queries, and sending them to a large number of DNS servers, the attacker creates a network packet tsunami that drowns the sheep's network card.
Time to make changes to the system and set up IPv6. The first choice to make is if we want to use automatic configuration, or do it by hand. The first option simplifies things a lot. Using manual configuration gives you more control regarding the configuration. It also counters a few known attacks, so for specifically hardening purposes it is the best bet. The best option for your environment? It really depends on your networking architecture and what type of machines are in it.
To protect against denial of service (DoS) attacks, limiting resources is usually a good counter measure. At the same time caution is advised, as sometimes changes can actually increase the chance of an accidental denial of service by legitimate usage. So in all cases check the business purpose of your machine and what a typical network load is expected.
Firewalls are still a common hardening measure. Its effectiveness to filter out network traffic is high, while rulesets are usually fairly easy to set up. To counter some of the attacks on Linux systems, we can filter out some of the bad traffic involved with known IPv6 attacks.
This has been discussed for years and there are several exploitation tools available to mount an attack yet awareness of the problem seems to be very very low. Essentially the problem is that most OSes have IPv6 enabled and prefer it over IPv4, yet almost all local networks are IPv4 only. An attacker can advertise himself as an IPv6 router, and your OS will start sending all your traffic to him because IPv6 is preferred. He only needs to be on the same local network as you are, which is the case for public WiFi etc.
MITM over IPv4 networks with ARP Spoofing and DHCP ACK Injection.MITM on IPv6 networks with Neighbor Advertisement Spoofing, SLAAC attack, fake DHCPv6.DoS (Denial of Service) on IPv4 networks with ARP Spoofing.DoS (Denial of Service) on IPv6 networks with SLAAC DoS.DNS Hijacking.The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the physical addresses through a convenient and intuitive interface.
clusterd - inclusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack.Author: bryan alexanderLicense: MITcommandLine('clusterd');
Intercepter-NG - Intercepter-NG is a multifunctional network toolkit for various types of IT specialists.The main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.