Security Explained  
   
 
 

Denial of Service Attacks : Tools

Using Ettercap we will perform a Denial of Service attack.

Materials Needed:

Step 1: Start BackTrack

We will be using the security distribution BackTrack from http://www.remote-exploit.org because it comes preconfigured with most of the packages and tools we will be using. Any version of Linux will work for these tutorials; however, you will need to install and configure the packages yourself before attempting these scenarios.

Boot BackTrack and, when you are prompted, enter 'root' and the password 'toor', then type 'startx' to start the graphical interface.

Step 2: Set up your Network connection

If your network is configured with DHCP then issuing these commands from the terminal will usually suffice to set things up.

root@slax> ifconfig eth0 up
root@slax> dhcpcd eth0

Step 3: Understanding Filters

Ettercap has many built-in tools for all sorts of network activity, from sniffing to ARP spoofing. It can also use filters to focus its activity. For example, if we want to block a host from the network, the simplest way to do that is to not allow any packets to be sent to or from the host we wish to block. Ettercap filters allow us to do just that.

Step 4: Let's Write a Filter

Fire up a text editor like KWrite by typing 'kwrite' into the 'Run Command' menu and type in this block of text, replacing 'Target IP' with the IP address of the host you wish to keep from sending or receiving packets:

if (ip.src == 'Target IP' || ip.dst == 'Target IP') {
drop();
kill();
msg("Packet Dropped\n");
}

Using kWrite

Save it as dos.eft in the /usr/local/share/ettercap directory.

Saving the file

This scripting language is fairly straightforward. Our script checks whether the source IP or the destination IP matches our target. If it does, it drops the packet and sends a RST signal to the other machine our target was attempting to communicate with. It then outputs a message to our screen so we know a packet was dropped.

Step 5: Compile our script

Now we have our file dos.eft saved in /usr/local/share/ettercap/ and are ready to compile it. Ettercap uses a program called etterfilter to compile filter scripts into files usable by the program. To run it and compile our script we simply type:

root@slax> etterfilter dos.eft -o dos.ef

Compile the Filter using EtterFilter

Step 6: Start up Ettercap

Click on the BackTrack Menu at the bottom left of the screen, then select 'BackTrack', 'Sniffers' and 'Ettercap'.

Step 7: Select 'Unified Sniffing'

Click 'Sniff' then 'Unified Sniffing', and tell Ettercap to use eth0 or the network interface you've configured.

Select Unified Sniffing

Step 8: Scan for Hosts

Click 'Hosts' then 'Scan for Hosts'.

Scan for Hosts

Step 9: Add our Target

Click 'Targets' then 'Targets List' then 'Add Target' under the Target 1 window. Type in the IP address of our target host.

Select our Target Host

Step 10: Start the MitM attack

Click 'Mitm' then 'ARP Poisoning'. This time don't select either option; simply press 'OK'.

Start the ARP Poisoning

Step 11: Load our Filter

Click 'Filters' then 'Load Filter' and select dos.ef from /usr/local/share/ettercap/.

Load the Filter

Step 12: Watch it block our target from the LAN

With the filter loaded, Ettercap is now actively keeping packets from our host.

All Done
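
On the defending side, the ARP poisoning in Step 10 leaves a visible trace: one MAC address starts answering for IP addresses that previously belonged to other MACs. The following is an added example, not part of the original tutorial; it scans a constructed, simplified list of ARP replies and reports those rebindings. The record format, the sample addresses and the `max_ips_per_mac` threshold are assumptions.

```python
# Added example: flag ARP-poisoning symptoms in a list of observed ARP replies.
# The record format ("<seconds> <ip> is-at <mac>") is a constructed,
# simplified format, not the exact output of any capture tool.
from collections import defaultdict

SAMPLE_REPLIES = """\
10 192.168.1.1 is-at 00:aa:bb:00:00:01
12 192.168.1.50 is-at 00:aa:bb:00:00:50
15 192.168.1.60 is-at 00:aa:bb:00:00:60
40 192.168.1.1 is-at 00:de:ad:00:00:99
41 192.168.1.50 is-at 00:de:ad:00:00:99
42 192.168.1.60 is-at 00:de:ad:00:00:99
50 192.168.1.1 is-at 00:de:ad:00:00:99
"""

def parse(text):
    """Yield (time, ip, mac) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "is-at":
            yield int(parts[0]), parts[1], parts[3].lower()

def find_poisoning(text, max_ips_per_mac=2):
    """Return (rebinds, greedy_macs).

    rebinds: list of (time, ip, old_mac, new_mac) where an IP's MAC changed.
    greedy_macs: {mac: sorted IPs} for MACs claiming more than
    max_ips_per_mac addresses (threshold is an assumption; tune per network).
    """
    current = {}                      # ip -> last MAC seen for that IP
    claimed = defaultdict(set)        # mac -> every IP it has claimed
    rebinds = []
    for ts, ip, mac in parse(text):
        old = current.get(ip)
        if old is not None and old != mac:
            rebinds.append((ts, ip, old, mac))
        current[ip] = mac
        claimed[mac].add(ip)
    greedy = {m: sorted(ips) for m, ips in claimed.items()
              if len(ips) > max_ips_per_mac}
    return rebinds, greedy

if __name__ == "__main__":
    rebinds, greedy = find_poisoning(SAMPLE_REPLIES)
    for ts, ip, old, new in rebinds:
        print(f"t={ts}: {ip} moved {old} -> {new}")
    for mac, ips in greedy.items():
        print(f"{mac} claims {len(ips)} IPs: {', '.join(ips)}")
```

A host that legitimately answers for several addresses (a router with secondary IPs, a proxy-ARP gateway) will also exceed the threshold, so treat a hit as a lead to check against known MAC/IP assignments rather than as proof.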