Spoofing Tools
The Auditor collection includes many spoofing tools designed to spoof ARP, DNS, DHCP, ICMP, UDP/TCP/IP, Cisco routing protocols, and Wake on LAN (WOL) protocols. Spoofing tools let you generate, for testing purposes (e.g., for checking a firewall or Intrusion Detection System (IDS) rule), most types of packets used for subverting or exploiting vulnerable systems. Use the graphical IP Sorcery Packet Generator, or the command-line tools Nemesis or Hping2, to generate most types of TCP/UDP packets. You can spoof not only the source and destination IP address and port but also many packet characteristics (e.g., you can create a TCP packet with the SYN or FIN flag set, or a packet of a certain size). For example, use Hping2 to create a custom packet designed to trip a specialized IDS rule that might otherwise be difficult to test.
You can use Auditor to set up basic penetration-testing labs. For example, set up a DNS server, a client computer, and an "attacker" system that runs Auditor. On the attacker, run Arpspoof to impersonate the DNS server's IP address. Also on the attacker, run Dnsspoof with a HOSTS file that contains bogus name-to-IP address mappings. From the client computer, try pinging a legitimate host on your network. Arpspoof will intercept the ARP broadcast for the real DNS server and replace it with the attacker's MAC address. The client will initiate a connection with the attacker to make its DNS query. Dnsspoof on the attacker will answer the request instead of the real DNS server. Many more scenarios are possible and let you get the experience you need to prepare for (or simply learn about) these types of attacks. Of course, try out such experiments on test systems only, and only with the blessings of your manager. . . .
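A lab like this is also a place to exercise the detection side. The following is an added example, not part of the original article or of Auditor: a small Python monitor that parses ARP frames and flags an IP address claimed by an unexpected MAC. The addresses, function names and sample frames are constructed for illustration.

```python
import struct

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

class ArpMonitor:
    """Tracks IP-to-MAC bindings and reports any frame that contradicts them."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})   # ip -> mac, e.g. statically known servers

    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        _oper, mac, ip = parsed
        known = self.bindings.setdefault(ip, mac)   # first sighting is learned
        if known != mac:
            # Keep the original binding so every conflicting frame keeps alerting.
            return f"{ip} claimed by {mac}, expected {known}"
        return None

def sample_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Constructed test input: bytes of an ARP reply (opcode 2). Nothing is sent."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = mac(dst_mac) + mac(src_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return eth + arp + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip)

# Constructed lab addresses (documentation range, locally administered MACs).
DNS_IP, DNS_MAC = "192.0.2.53", "02:00:00:00:00:53"
CLIENT_IP, CLIENT_MAC = "192.0.2.10", "02:00:00:00:00:10"
LAB_ATTACKER_MAC = "02:00:00:00:00:66"

def run_lab_capture():
    monitor = ArpMonitor(pinned={DNS_IP: DNS_MAC})
    frames = [
        sample_reply(DNS_MAC, DNS_IP, CLIENT_MAC, CLIENT_IP),           # genuine
        sample_reply(LAB_ATTACKER_MAC, DNS_IP, CLIENT_MAC, CLIENT_IP),  # spoofed
    ]
    return [a for a in map(monitor.observe, frames) if a]

if __name__ == "__main__":
    print(run_lab_capture())
```

Pinning the DNS server's binding up front means the very first conflicting reply raises an alert, rather than being learned as the baseline.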
Chances are that if you need to 'sniff' then you will already know how to get all these things installed.
Anonymous User April 08, 2005