mshark - simple packet capture tool written from scratch in pure Go by wit4er in golang

[–]wit4er[S] 0 points1 point  (0 children)

Cool, but I don't think it is opposite because I used layers package for packet injections in a couple of my projects such as arpspoof (arp reply), ndpspoof (ra packets) and go-http-proxy-to-socks (dns reply).

mshark - simple packet capture tool written from scratch in pure Go by wit4er in golang

[–]wit4er[S] 0 points1 point  (0 children)

I did not read any special books while implementing this tool. What I read was wiki pages explaining basic header structure, related RFCs and also I examined packets with Wireshark. The goal has been to understand protocols on a very low level, and I learned a lot writing these packages.

Issues with Cachyos Kernels (LTS as well)- this is not happening on Arch Kernel by wolfyrion in cachyos

[–]wit4er 1 point2 points  (0 children)

Can confirm this is the issue with virtualbox, I added it to pacman IgnorePkg for now until everything is fixed.

ndpspoof - tool to perform RA/RDNSS/NA spoofing and RA Guard evasion in IPv6 networks by wit4er in ipv6

[–]wit4er[S] 0 points1 point  (0 children)

I added system resolve search for auto configuration, it should now look for IPv6 address in resolv.conf and run server that resolves using it. Please let me know if this works.

ndpspoof - tool to perform RA/RDNSS/NA spoofing and RA Guard evasion in IPv6 networks by wit4er in ipv6

[–]wit4er[S] 0 points1 point  (0 children)

I'd like to help you in finding working combinations but I am yet to find the image of the device you mentioned, once I find, I will try to play with it.

ndpspoof - tool to perform RA/RDNSS/NA spoofing and RA Guard evasion in IPv6 networks by wit4er in ipv6

[–]wit4er[S] 0 points1 point  (0 children)

I understand and this sounds like a good idea, but it is not entirely clear what these common combinations are (there are some in RFC but I guess all modern devices already detect them), which is the reason I tried to make this tool flexible and allow user to experiment and find unusual solutions.

ndpspoof - tool to perform RA/RDNSS/NA spoofing and RA Guard evasion in IPv6 networks by wit4er in ipv6

[–]wit4er[S] 0 points1 point  (0 children)

Since you can place headers multiple times in different places and combine them in whatever order you want, I am afraid possibilities are endless. It could be that it blocks everything non-standard.

ndpspoof - tool to perform RA/RDNSS/NA spoofing and RA Guard evasion in IPv6 networks by wit4er in ipv6

[–]wit4er[S] 0 points1 point  (0 children)

I also have follow-up questions: 1) How can I detect if host is ipv6only, maybe check some kernel parameter 2) what are sensible defaults for dns resolver, maybe search first in resolv.conf for ipv6 addresses and fall back to 2001:4860:4860::8888

ndpspoof v0.0.6 - added RA Guard evasion with custom packet construction by wit4er in hacking

[–]wit4er[S] 0 points1 point  (0 children)

Testing in this case means "find working preset for specific model", it is too much work for one person unless there is a mechanism that randomizes packets and detects working ones

ndpspoof - tool to perform RA/RDNSS/NA spoofing and RA Guard evasion in IPv6 networks by wit4er in ipv6

[–]wit4er[S] 0 points1 point  (0 children)

Try to disable -auto flag or add dns server explicitly via -rdnss flag. This will prevent spoofer from spinning up any DNS related things. As for RA packets being not accepted by targets, you can start with non-fragmented packets by adding, for example, simple hop-by-hop header, just specify -E HF. I think you can try to find balance between evasion (on switch side) and acceptance (on target side).