flat assembler
Message board for the users of flat assembler.

Index > Heap > Fun and Harmless "Hacking"

revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17473
Location: In your JS exploiting you and your system
But no password is required for the ARP trick. It is part of the network protocols. How would you know that they are not giving you bogus websites from their position on your WAN? I'm assuming here that your WAN is their LAN, is that right? And that you never see the real WAN because it goes to them first, is that right?
Post 09 Apr 2010, 11:44
kohlrak
Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
revolution wrote:
But no password is required for the ARP trick. It is part of the network protocols. How would you know that they are not giving you bogus websites from their position on your WAN?


Perhaps i'm a little ignorant of the trick, but does not the LAN connect directly to the internet via the WAN and ignore any other computer unless something on the LAN wants to mess with the WAN? AFAIK, any "tricks" would either require access to router configuration and/or the offending computer to become a bridge between the LAN and WAN.

Quote:
I'm assuming here that your WAN is their LAN, is that right? And that you never see the real WAN because it goes to them first, is that right?


What? My design is simple: WEB--WAN--LAN
Post 09 Apr 2010, 11:54
revolution
kohlrak wrote:
AFAIK, any "tricks" would either require access to router configuration and/or the offending computer to become a bridge between the LAN and WAN.
Yes, you got it. That is what the ARP trick does. It makes their computer effectively a bridge for everything on your WAN side data. All your data are belong to them, and you would never know any different until the shit hits the fan.

Theoretically your ISP can do it also. But since you have already placed your trust in the ISP then why go and screw that up by allowing some other random AP rider to get into the stream that normally only your ISP sees?
Post 09 Apr 2010, 12:00
kohlrak
revolution wrote:
kohlrak wrote:
AFAIK, any "tricks" would either require access to router configuration and/or the offending computer to become a bridge between the LAN and WAN.
Yes, you got it. That is what the ARP trick does. It makes their computer effectively a bridge for everything on your WAN side data. All your data are belong to them, and you would never know any different until the shit hits the fan.

Theoretically your ISP can do it also. But since you have already placed your trust in the ISP then why go and screw that up by allowing some other random AP rider to get into the stream that normally only your ISP sees?


Erm, the LAN is connected by wire to the WAN router. Why would the LAN try to get packets from anywhere (on the WAN network) other than the WAN router (unless the WAN router was reconfigured)?
Post 09 Apr 2010, 12:05
revolution
Yeah:

Code:
Okay without ARP tricks:

Internet ISP <---> router 1 <---> router 2 <---> Your LAN
                      ^
                      |
                      |
                      v
               random AP rider    

Code:
BAD with ARP tricks:

OUT:

Internet ISP <---- router 1 <---- router 2 <---- Your LAN
                   ^      |
                   |      |
                   |      |
                   |      |
                   |      v
         random AP rider using ARP tricks

IN:

Internet ISP ----> router 1 ----> router 2 ----> Your LAN
                   |      ^
                   |      |
                   |      |
                   |      |
                   v      |
         random AP rider using ARP tricks    
Post 09 Apr 2010, 12:05
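The "BAD with ARP tricks" diagram above is exactly what a passive ARP monitor on the affected segment can catch: the attacker has to keep answering for router 1's IP with their own MAC, so the IP-to-MAC binding for the gateway flips. The script below is an added example written for this thread, not code posted by either participant. It parses ARP replies from constructed lines written in tcpdump's ARP output style, keeps the first-seen (or an administrator-supplied, trusted) binding per IP, and raises an alert whenever an IP is re-announced with a different MAC; it also lists any MAC that claims more than one IP, which is what a machine answering for both itself and the gateway looks like.

```python
import re
from collections import defaultdict

# Constructed sample lines in tcpdump's ARP output style (not a real capture).
# Line 5 is the tell-tale: 192.168.1.1 (the gateway) is suddenly "at" the
# MAC that line 4 already announced for 192.168.1.51.
SAMPLE_LINES = """\
12:00:01.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
12:00:01.001 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
12:00:02.000 ARP, Reply 192.168.1.50 is-at aa:bb:cc:00:00:50, length 28
12:00:03.000 ARP, Reply 192.168.1.51 is-at de:ad:be:ef:00:99, length 28
12:00:04.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
12:00:05.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
12:00:06.000 ARP, Reply 192.168.1.50 is-at aa:bb:cc:00:00:50, length 28
""".splitlines()

ARP_REPLY = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9A-Fa-f:]{17})")


def parse_arp_replies(lines):
    """Yield (ip, mac) for each ARP reply; requests and unrelated lines are skipped."""
    for line in lines:
        m = ARP_REPLY.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_arp_conflicts(lines, trusted=None):
    """Return (alerts, multi_ip_macs).

    alerts        : list of (ip, expected_mac, offending_mac), one per reply that
                    contradicts the binding already held for that IP.
    multi_ip_macs : {mac: [ip, ...]} for every MAC that claimed more than one IP.

    `trusted` is an optional {ip: mac} map (e.g. the gateway's real MAC, taken
    from the router's label); bindings in it are never overwritten.
    """
    binding = dict(trusted or {})      # IP -> MAC we currently believe
    claims = defaultdict(set)          # MAC -> every IP it has claimed
    alerts = []
    for ip, mac in parse_arp_replies(lines):
        claims[mac].add(ip)
        known = binding.get(ip)
        if known is None:
            binding[ip] = mac          # first sighting: remember it
        elif known != mac:
            alerts.append((ip, known, mac))  # keep the old binding, report the clash
    multi = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return alerts, multi


if __name__ == "__main__":
    alerts, multi = detect_arp_conflicts(SAMPLE_LINES)
    for ip, old, new in alerts:
        print(f"ALERT: {ip} was {old}, now claimed by {new}")
    for mac, ips in multi.items():
        print(f"NOTE: {mac} answers for several IPs: {', '.join(ips)}")
```

Run it on live traffic by piping `tcpdump -l -n arp` into the parser; the first-seen heuristic is only as good as the first reply it sees, so on a network you control, passing the gateway's real MAC in `trusted` (or pinning it with a static ARP entry on the clients) is the sturdier mitigation.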
revolution
Post 09 Apr 2010, 12:16
kohlrak
Interesting... Sounds like something, though, that can potentially be fixed with appropriate router software (since the router forwards all requests anyway, why can't the router be the sole answerer to these?). But i do see your point, then.

However, fortunately, the LAN (knowing this, it should be powered on first) itself should ask for and receive an answer from the WAN as quickly as possible when the WAN powers on, thus making a race condition in favor of the WAN (since the connection is hardwired). Requests for websites should go under requests to the router's DHCP server (or whoever the router forwards that request to) and to anyone who answers the ARP. Since all this is cached into the LAN's cache long before an offender gets on the WAN, it is very unlikely to be a problem. Now, whether or not a cache entry can be overwritten (that article doesn't say) could pose a problem. Ultimately, once again, properly configuring the router (most WAN routers might be a problem here, but this can still be worked on, as the article did provide a solution to the problem) can mitigate the problem.
Post 09 Apr 2010, 12:35
revolution
It would just be easier to buy a third router and not worry about having all the right software and having things power up in a certain order.
Post 09 Apr 2010, 12:39
revolution
kohlrak wrote:
Experts... You mean like the same experts who say that use of goto in C++ is worth failing a college student?
No. I don't listen to "experts" like that. Never have.
Post 09 Apr 2010, 12:46
kohlrak
revolution wrote:
It would just be easier to buy a third router and not worry about having all the right software and having things power up in a certain order.


And it would be easier to buy another internet connection than figure out which is the secure router and which isn't and how to connect them, etc.

Oh, by the way, since the computers on subordinate networks are visible to the above networks, it's still possible to wreak havoc (DOS, flooding, etc) with the ARP trick with a Y configuration (since the ARP replies are still sent locally). Though Man in the Middle can no longer be done, other havoc can be wrought. And if you want to ignore worrying about proper configuration of the router by simply buying another one, you would have to deal with UPnP being enabled by default, and Man in the Middle is once again possible.

EDIT:

Quote:
No. I don't listen to "experts" like that. Never have.


Ah, good. You'd be surprised how many are out there.
Post 09 Apr 2010, 12:50
revolution
In the three router setup: ARP does not pass through a router. Only the local LANs are affected. So the random AP rider can only affect other random AP riders. Your LAN never sees what happens on the AP side.

It is not about "not knowing the proper configuration so buy a third". You still need to set up all three routers properly of course.
Post 09 Apr 2010, 12:55
revolution
kohlrak wrote:
You'd be surprised how many are out there.
I've seen my fair share of them.
Post 09 Apr 2010, 12:56
kohlrak
revolution wrote:
In the three router setup: ARP does not pass through a router. Only the local LANs are affected. So the random AP rider can only affect other random AP riders. Your LAN never sees what happens on the AP side.


Code:
ROUTER A========================> Router B (Public WAN)====> Computer B1
        \                                              \ ...
         \                                              \====> Computer BN
          \======================> Router C (Private LAN)===> Computer C1
                                                         \ ...
                                                          \====> Computer CN
    


The B group computers see all the B group computers PLUS routers A, B, and C.

The C group computers see all the C group computers PLUS routers A, B, and C.

So, if i can broadcast my ARP to router A and B from a computer behind router C, B group's toast. Looking at wikipedia's example packet format, that may or may not be possible depending on how smart router C is about whether or not it'll forward it. Now, for Man in the Middle using UPnP, computer group C establishes router C for whatever, then uses UPnP to open whatever ports are necessary for whatever's being hijacked. If my other router wasn't bricked and if i knew how to send ARP packets manually, I'd try this out right now for you.

Quote:
It is not about "not knowing the proper configuration so buy a third". You still need to set up all three routers properly of course.


Just double checking.

Quote:
I've seen my fair share of them.


Unfortunately, only the goto guys are easy to spot. Many, many "experts" exist out there wearing labcoats when talking about physics, holding bibles while talking about theology, etc. They might even have the paper to support it, along with a large fanbase to make them look smart.
Post 09 Apr 2010, 13:13
revolution
ARP does not pass through a router. You can't ever see downstream routers. You can't ever send ARP outside your LAN.

The B group computers see all the B group computers PLUS router B. Nothing else.
Post 09 Apr 2010, 13:16
kohlrak
revolution wrote:
ARP does not pass through a router. You can't ever see downstream routers. You can't ever send ARP outside your LAN.


Are you sure? The packet clearly has a destination IP field. I would actually expect a router to forward it as soon as it says "wait, this isn't intended for me."

Quote:
The B group computers see all the B group computers PLUS router B. Nothing else.


If that were the case, any computer behind router A would not be able to see the internet.
Post 09 Apr 2010, 13:19
revolution
kohlrak wrote:
Unfortunately, only the goto guys are easy to spot. Many, many "experts" exist out there wearing labcoats when talking about physics, holding bibles while talking about theology, etc. They might even have the paper to support it, along with a large fanbase to make them look smart.
Yep. Popular != expert. Popular != smart. Popular just means charismatic, or beautiful, or both.
Post 09 Apr 2010, 13:20
revolution
kohlrak wrote:
revolution wrote:
ARP does not pass through a router. You can't ever see downstream routers. You can't ever send ARP outside your LAN.


Are you sure? The packet clearly has a destination IP field. I would actually expect a router to forward it as soon as it says "wait, this isn't intended for me."
Yes. Of this I am 100% sure. ARP never ever passes through a router. Never. Not ever. Cannot. Won't. Can't.
kohlrak wrote:
Quote:
The B group computers see all the B group computers PLUS router B. Nothing else.


If that were the case, any computer behind router A would not be able to see the internet.
You "see" the internet through the gateway. You can't see past the gateway. The gateway has to be on your LAN. Obviously the gateway needs at least two ports, and we generally call them WAN-side and LAN-side. Often the gateway is also the router, but not always.
Post 09 Apr 2010, 13:23
kohlrak
revolution wrote:
kohlrak wrote:
revolution wrote:
ARP does not pass through a router. You can't ever see downstream routers. You can't ever send ARP outside your LAN.


Are you sure? The packet clearly has a destination IP field. I would actually expect a router to forward it as soon as it says "wait, this isn't intended for me."
Yes. Of this I am 100% sure. ARP never ever passes through a router. Never. Not ever. Cannot. Won't. Can't.


To say "can't" would be incorrect. If the destination IP were to be read, the packet could be forwarded. It's just a matter of whether the router will want to or not (That means, although "never" could be true, you don't want to rely on it because it could easily become a really dumb bug [which wouldn't be unusual] that would go largely undetected).

Quote:
kohlrak wrote:
Quote:
The B group computers see all the B group computers PLUS router B. Nothing else.


If that were the case, any computer behind router A would not be able to see the internet.
You "see" the internet through the gateway. You can't see past the gateway. The gateway has to be on your LAN. Obviously the gateway needs at least two ports, and we generally call them WAN-side and LAN-side. Often the gateway is also the router, but not always.


Right. The first gateway from computer B1 is Router B. Router B will thusly treat router A and router C as the ISP's network. It'll learn from A what its "external IP" is, it'll learn to get DNS and so forth from A, but it'll still give access to C. Whenever B1 asks for meow.com, it'll ask router B, who will ask Router A, who will ask the ISP's network because it's treating the modem the same way router B is treating router A.

EDIT:

Quote:
Yep. Popular != expert. Popular != smart. Popular just means charismatic, or beautiful, or both.


Unfortunately, most people don't understand that.
Post 09 Apr 2010, 13:32
revolution
But the ISP network is not a special version of hardware. It is also just a bunch of routers, all forwarding to other routers, all forwarding to other routers, all forwarding to other routers, ... just like your mini ISP that you described. Can you "see" your ISP's downstream routers? I bet you can't.
kohlrak wrote:
Right. The first gateway from computer B1 is Router B. Router B will thusly treat router A and router C as the ISP's network. It'll learn from A what its "external IP" is, it'll learn to get DNS and so forth from A, but it'll still give access to C. Whenever B1 asks for meow.com, it'll ask router B, who will ask Router A, who will ask the ISP's network because it's treating the modem the same way router B is treating router A.
That is why we make sure we set up the routers properly. It is not difficult, just set the gateways, network masks and WAN IPs and you're done. Router B & C use A's IP as a gateway. Router A's gateway is your ISP's WAN IP they give you.
Post 09 Apr 2010, 13:47
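The disagreement running through the last several posts (does ARP cross a router, and what do the B group computers actually "see") comes down to one rule: a host only ever ARPs for an address on its own subnet, and for anything else it ARPs for its gateway. The model below is an added example for this thread, not code from either participant. It lays out the three-router topology from kohlrak's diagram with constructed addresses (203.0.113.0/24 is documentation space standing in for the ISP side) and configured as revolution describes, with routers B and C using A's LAN IP as their gateway. It assumes a simplification: every router port is its own segment, and interfaces on the same subnet are on the same segment, so "broadcast domain" is computed by subnet equality. NAT and the ISP's side are left out of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Iface:
    device: str
    name: str
    ip: ipaddress.IPv4Address
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]


def iface(device, name, cidr, gateway=None):
    i = ipaddress.ip_interface(cidr)
    gw = ipaddress.ip_address(gateway) if gateway else None
    return Iface(device, name, i.ip, i.network, gw)


# Constructed topology modelled on the diagram in this thread (addresses made up):
#   Router A: WAN to the ISP, LAN 10.0.0.0/24 feeding routers B and C
#   Router B: public AP side (group B), Router C: private LAN (group C)
TOPOLOGY = [
    iface("Router A", "wan", "203.0.113.5/24", "203.0.113.1"),
    iface("Router A", "lan", "10.0.0.1/24"),
    iface("Router B", "wan", "10.0.0.2/24", "10.0.0.1"),
    iface("Router B", "lan", "192.168.2.1/24"),
    iface("Router C", "wan", "10.0.0.3/24", "10.0.0.1"),
    iface("Router C", "lan", "192.168.3.1/24"),
    iface("B1", "eth0", "192.168.2.10/24", "192.168.2.1"),
    iface("B2", "eth0", "192.168.2.11/24", "192.168.2.1"),
    iface("C1", "eth0", "192.168.3.10/24", "192.168.3.1"),
]


def forward(device, dst):
    """Simplified forwarding: a directly connected network wins, else the default gateway.
    Returns (outgoing interface, the IP that interface will ARP for), or (None, None)."""
    mine = [i for i in TOPOLOGY if i.device == device]
    for i in mine:
        if dst in i.network:
            return i, dst            # on-link: ARP for the destination itself
    for i in mine:
        if i.gateway is not None:
            return i, i.gateway      # off-link: ARP for the gateway only
    return None, None


def broadcast_domain(device, name):
    """Devices whose interface shares this interface's segment: the only ones that
    can see this interface's ARP frames, or poison its ARP cache."""
    me = next(i for i in TOPOLOGY if i.device == device and i.name == name)
    return sorted({i.network == me.network and i.device for i in TOPOLOGY} - {False})


def trace(src_device, dst):
    """Follow a packet hop by hop, recording which IP each device ARPs for.
    Stops when the ARP target is the destination or the next hop leaves the model."""
    dst = ipaddress.ip_address(dst)
    hops, device = [], src_device
    for _ in range(16):                       # guard against routing loops
        out, target = forward(device, dst)
        if out is None:
            hops.append((device, None, "no route"))
            break
        hops.append((device, out.name, str(target)))
        if target == dst:
            break
        owner = next((i.device for i in TOPOLOGY if i.ip == target), None)
        if owner is None:
            hops.append(("ISP", None, "outside this model"))
            break
        device = owner
    return hops


if __name__ == "__main__":
    print("B1 segment:", broadcast_domain("B1", "eth0"))
    print("Router B WAN segment:", broadcast_domain("Router B", "wan"))
    for hop in trace("B1", "192.168.3.10"):   # group B trying to reach C1
        print(hop)
```

The trace from B1 to C1's address shows B1 ARPing only for 192.168.2.1, Router B ARPing only for 10.0.0.1, and Router A sending the packet toward the ISP, since nothing told it that 192.168.3.0/24 lives behind Router C. B1's segment contains B1, B2 and Router B and nothing else, which is revolution's point; routers B and C do share A's LAN segment, which is the grain of truth in kohlrak's diagram, but group B hosts are never on it.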
kohlrak
revolution wrote:
But the ISP network is not a special version of hardware. It is also just a bunch of routers, all forwarding to other routers, all forwarding to other routers, all forwarding to other routers, ... just like your mini ISP that you described. Can you "see" your ISP's downstream routers? I bet you can't.

Actually, i can to some degree. For example, i'm looking at the modem downstream right now. I'm behind my router on a wireless laptop, but i'm looking at the modem logs right now. If i could remember the IP of some of the servers, i could easily ping them and interact with them and things like that, just as i can access my modem (unlike my modem, however, they don't use the 192.168.*.* range).

On an unrelated note, one of the entries is interesting, so i'm going to post a screenshot.

Quote:
kohlrak wrote:
Right. The first gateway from computer B1 is Router B. Router B will thusly treat router A and router C as the ISP's network. It'll learn from A what its "external IP" is, it'll learn to get DNS and so forth from A, but it'll still give access to C. Whenever B1 asks for meow.com, it'll ask router B, who will ask Router A, who will ask the ISP's network because it's treating the modem the same way router B is treating router A.
That is why we make sure we set up the routers properly. It is not difficult, just set the gateways, network masks and WAN IPs and you're done. Router B & C use A's IP as a gateway. Router A's gateway is your ISP's WAN IP they give you.


Fortunately all of this is done for you. To make Router C invisible to computer group B, router B must be told that router C doesn't exist. In other words, it must be sent one of these crafted ARP signals. Or, router A could deny router C exists when router B attempts a connection to router C for computer group B. However, that would take some special router configuration, which might not be possible on some routers (which means shopping for a really good one, which would render the purpose of the extra security moot because it's already fine as it is, since routers B and C would also be custom [linux based as opposed to commercial routers] and likely would have good enough programming to block the obviously malicious stuff).

EDIT: I totally forgot to attach it...

Attachment: Screenshot-1.png (Description: Check the date...)

Post 09 Apr 2010, 14:05
Copyright © 1999-2020, Tomasz Grysztar.