ARP Spamming with Arduino

Thread replies: 37
Thread images: 3

File: ARP.jpg (54KB, 800x600px)
Will this work on an enterprise level network? And how easily can they detect the source and the port it's coming from?

https://www.youtube.com/watch?v=fUip01vPioA&t
>>
>>60916299
>will it work
no
>how easy can they detect
very
>>
>>60916315
well it does work on my network at home but im guessing most large networks have some sort of protection against it
>>
>>60916315
Also the MAC address it has is not real
>>
>>60916333
It's called Dynamic ARP Inspection and DHCP snooping
Also, edge ports are usually limited to 1 or 2 learnt MACs (PC or VoIP phone and PC)
Excessive MAC moves are usually also monitored
If they use Private VLANs it won't affect any others
>>
>>60916713
anon is right, but most enterprises arent configured properly so there is a chance it will work. that being said, its massively faggotish of you to want to do that to a network.
>>
>>60917460
newbie here
do what? is ARP spamming some kind of ddos attack?
>>
>>60917647
depends on if its targeted or not. you can try to MITM traffic using ARP flooding, but if you are broadcasting ARP for everything then yes, you could create a DOS scenario.
>>
>>60917677
wait, MITM with ARP flooding? how? it pretends to be one of the receivers?
few months ago i was wondering if i could MITM attack on the company i was working for(big retail store with bunch of retard leaders)
the network was so fucked up to begin with that they couldnt notice it at all, i had direct line to the main router, however for some ungodly reason they had 7 IPS subscriptions, all of them to the same fucking company and gave up about there
>>
>>60917731
yes, you flood the target with ARPs saying you are the gateway, and then tell the switch you are the host you are trying to MITM. run tcpdump and extract what you want from it. encrypted connections are still encrypted, but there are some things out there that can proxy that kind of stuff.
>>
>>60917731
>wait, MITM with ARP flooding
"ARP poisoning" is when you advertise your hardware address for an IP address that another device is trying to connect to. When the other device sees that your hardware address is the device they're trying to talk to, it will send you traffic instead. That lets you gather packets intended for another device.
>>
>>60917804
>>60917783
in MITM the original receiver still gets the message from the host right? shouldnt ARP flooding clog up the whole network after a few packets? or the host doesnt even care that he just gets duplicate responses all the time?
>>
>>60916299
what is BPDU Guard
>>
>>60917889
>in MITM the original receiver still gets the message from the host right
You can redirect traffic with ARP poisoning, so you could have a device send you traffic, read it/modify it, send it to the originally intended device, get the response, read it/modify it, and send it back. It's a way to do a MITM on a layer 2 network without having your device physically "between" 2 devices.
>>
>>60917929
damn...
lost the touch since cisco courses
recommended places to get back on the horse?
>>
Will iptables block this? For example, I have UFW enabled on all my local machines, and when I ping a local address, I get "Host unreachable", and arp shows the "Hwaddress" table entry for the address as "(incomplete)".
>>
>>60917951
Shit, I have no idea. I'm still trying to get into Metasploit but I've actually been busy with projects at work so I don't have time for it. I bought a book from the library for a buck when they were trying to get rid of old books and it was a pretty easy read, it was good for an overview on various exploitation techniques.
Metasploit is kind of skid-tier, but it's great for learning if you actually dig into the exploits and learn how they work.
>>
>>60917957
>Will iptables block this
Not really. If you want to stop it your only real options are managed switches with security against it, or adding static ARP entries to stop ARP spoofing. Even with static ARP entries you'd still need a managed switch with security to stop a device from pretending to have another device's MAC address and causing havoc, but you'll be able to force IP to MAC from getting fucked up.
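Added example, not part of the original thread: a host-side monitor for the ARP poisoning discussed above, checking each ARP frame against static IP-to-MAC bindings (the static-entry idea in the post above) and flagging bindings that change on the wire. The names `parse_arp`, `ArpMonitor` and `make_arp_reply`, and all addresses, are constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = struct.unpack("!6s4s", frame[22:32])
    return _mac(eth_src), _mac(sha), _ip(spa)

class ArpMonitor:
    def __init__(self, trusted=None):
        self.trusted = dict(trusted or {})  # static IP -> MAC bindings (assumed known)
        self.learned = {}                   # bindings first observed on the wire

    def inspect(self, frame):
        """Return a list of alert names for one captured frame."""
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, sender_mac, sender_ip = parsed
        alerts = []
        if eth_src != sender_mac:           # Ethernet header disagrees with ARP payload
            alerts.append("src-mac-mismatch")
        expected = self.trusted.get(sender_ip)
        if expected is not None:            # a static binding always wins
            if sender_mac != expected:
                alerts.append("trusted-binding-violation")
            return alerts
        previous = self.learned.setdefault(sender_ip, sender_mac)
        if previous != sender_mac:          # same IP now claimed by another MAC
            alerts.append("binding-changed")
            self.learned[sender_ip] = sender_mac
        return alerts

def make_arp_reply(eth_src, sender_mac, sender_ip, target_ip="192.0.2.50"):
    """Build a constructed sample ARP reply frame for exercising the monitor."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(map(int, s.split(".")))
    eth = b"\xff" * 6 + to_mac(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return eth + arp + to_mac(sender_mac) + to_ip(sender_ip) + b"\x00" * 6 + to_ip(target_ip)
```

This only detects; as the post above says, stopping a device from impersonating another MAC still takes enforcement on a managed switch.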
>>
>all of this thread
>no fucking dot1x
Sure smells like summer in here
>>
>>60918140
>smells like summer
you do know that this line is mostly used by those who are not even 1 year on the site but they feel like they're oldfags do you?
>>
File: Capture.png (9KB, 1168x65px)
>>60917951
Also, if you're going to try using Metasploit/other exploit tools to try to learn hands-on, you'll probably want to set up a lab for it. I bought pic related off Ebay for 100 bucks (+40 dollars shipping) and it can handle a very feature filled test lab. The only downside is it's about 150 watts, so if you spend more you can get something better that's less power hungry.
>>
>>60918140
Brainlet here, can someone explain?

https://en.wikipedia.org/wiki/IEEE_802.1X
>>
>>60918193
Certificate or password authentication when you connect to a switch.
>>
We just rolled out Cisco ISE at work. That shit ain't happening on my LAN.
>>
>>60918193
It puts the auth(entic|oriz)ation in the ethernet
>>
>>60918242
isnt cisco the one that had a security vulnerability so severe that about 25000 companies' network got totally exposed last year or so?
>>
>>60918276
Uh, every single vendor has vulnerabilities. Not sure which specific vuln you're talking about. Source?
>>
>>60918242
>Cisco
Or as I have taken to calling it, NSA plus Cisco
>>
>>60918293
cant find the exact but it was all over the internet for how epic of a flaw it was
maybe this, but not sure
https://threatpost.com/cisco-netgear-readying-patches-for-samba-vulnerability/125974/
>>
>>60918343
>https://threatpost.com/cisco-netgear-readying-patches-for-samba-vulnerability/125974/
That's Samba though. There was something with the Cisco default config that let people log into the switches (pretty fucking severe), but that only affected retarded companies (most of them) that didn't change the default passwords.
>>
File: Capture.png (109KB, 631x884px)
>>60918343
>>60918378
Also https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
There was also stuff for it in one of the recent Vault7 releases.
>>
>>60918378
Ya, that's gotta be for really dumb engineers. That's obviously best practice to change default, or better yet use TACACS.
>>
>>60918378
>>60918343
>>60918276
Not him, but Cisco was in bed with the NSA for years. They claim they broke up though, for anything it's worth.
>>
>>60918189
Sore much?
>>
>>60918449
i've been here for the past 10 years, my feathers are perfectly calm, these swats aint shit
>>
>>60918478
And I am moot desu
>>
>>60918517
really? how does it feel losing the site you appleserver using faggot?
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.