I just tried to migrate a MITM attack using hping3 with ICMP Redirects in my test lab.

hping3 -I eth0 -C 5 -K 1 -a 192.168.2.1 --icmp-ipdst 192.168.2.15 --icmp-gw 192.168.2.100 --icmp-ipsrc 192.168.2.105 192.168.2.105

I'm at 192.168.2.100, the victim is at 192.168.2.105, the DNS-Server is at 102.168.2.15 and the (real) gateway is at 192.168.2.1. Now I wanted to get the victim to redirect all traffic for the DNS-Server through my laptop. The generated packets look fine in Wireshark, but the victim (Windows 7) isn't changing its routing table based on the redirect packet.

I looked this up and found some posts implying that Windows 7 in general does not accept ICMP Redirects as routing advice. Are there any current operating systems that still accept ICMP Redirects?

davidb

1 Answer

ICMP redirects have been disabled in many Windows XP and Windows Server 2003 environments since the introduction of the first service packs. You might find it in legacy Windows infrastructures, but I doubt you will find it in Vista-era or later.

To detect whether or not ICMP redirects will work on any given network, use the Responder.py tool in "Analyze Mode" as seen in the fifth section of this blog post -- https://www.trustwave.com/Resources/SpiderLabs-Blog/Responder-2-0---Owning-Windows-Networks-part-3/

Best would be to use a tool such as EvilFOCA, or to see this other StackExchange post on using dns2proxy with sslstrip2. Many of these techniques will provide MITM conditions.

atdre
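
A defensive check for the kind of packet described in the question, as an added example that is not part of the original posts: it parses a raw IPv4 packet, extracts the ICMP Redirect (type 5) fields, and applies the RFC 1122 acceptance rules a host or sensor can use to reject such redirects. The /24 netmask, the function names and the `sample_redirect` helper are assumptions; the sample bytes are constructed, with checksums left at zero.

```python
import ipaddress
import struct

# Assumptions: lab addresses from the question; the /24 mask is not stated there.
REAL_GATEWAY = ipaddress.ip_address("192.168.2.1")
LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")

def sample_redirect(sender, target, new_gw, redirected_dst, code=1):
    """Constructed IPv4 + ICMP Redirect bytes for offline testing (checksums left 0)."""
    a = lambda s: ipaddress.ip_address(s).packed
    hdr = "!BBHHHBBH4s4s"
    inner = struct.pack(hdr, 0x45, 0, 28, 0, 0, 64, 17, 0, a(target), a(redirected_dst)) + bytes(8)
    icmp = struct.pack("!BBH4s", 5, code, 0, a(new_gw)) + inner
    return struct.pack(hdr, 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0, a(sender), a(target)) + icmp

def parse_redirect(pkt):
    """Return the fields of an ICMP Redirect (type 5), or None for anything else."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    if ihl < 20 or len(icmp) < 8 + 20 or icmp[0] != 5:
        return None
    return {
        "code": icmp[1],
        "sender": ipaddress.ip_address(pkt[12:16]),
        "new_gateway": ipaddress.ip_address(icmp[4:8]),
        # Destination of the original datagram quoted after the ICMP header.
        "redirected_dst": ipaddress.ip_address(icmp[24:28]),
    }

def assess(pkt):
    """List reasons to distrust a redirect; an empty list means nothing was flagged."""
    r = parse_redirect(pkt)
    if r is None:
        return []
    reasons = []
    if r["sender"] != REAL_GATEWAY:
        reasons.append("sender is not the configured gateway")
    if r["new_gateway"] not in LOCAL_NET:
        reasons.append("new gateway is off-link")  # RFC 1122 says discard
    if r["redirected_dst"] in LOCAL_NET:
        # On-link hosts are reached directly, so no router is their first hop.
        reasons.append("redirected destination is on-link")
    return reasons
```

Because the source address of a redirect can be spoofed, the sender check alone is not sufficient; the on-link destination check is the one that flags a packet shaped like the one in the question.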