I've performed some man-in-the-middle attacks (ARP poisoning) using ettercap and similar tools on Kali Linux, and I know exactly how it works. But I was wondering if this attack could even be performed over the internet, like poisoning clients on a router along our traceroute path. I read about BGP/IP/prefix hijacking, but I couldn't find any example, tutorial or good guideline on how to perform these kinds of attacks (it seems nobody has done it before). I just want to know: is it really possible? And if yes, I'd be glad if someone could suggest a tutorial or anything I can learn from.

Regards, Mohammad

1 Answer

BGP hijacking is real and there are plenty of easy-to-find reports on the internet, like this one or this one or this one. But of course you need to be in the right place to do it. Simply doing it from your DSL-connected system is not possible; you need to be at the level of the ISPs which actually participate in BGP routing. You can still play with the techniques in your own virtual playground, though.

Of course poisoning routers is possible too, but even there you need to have access, i.e. only the ISP or government agencies.

Steffen Ullrich
  • So what you mean is that it is not possible for me, as a client of an ISP, to do man-in-the-middle or any of those IP/route/BGP/prefix hijacking attacks? –  Apr 09 '16 at 08:37
  • @MohammadSiavashi: Yes, as long as you don't have access to the ISP-level infrastructure which takes part in the BGP routing, you will not be able to do BGP hijacking. Of course you might try to hack an ISP to get access to this infrastructure. – Steffen Ullrich Apr 09 '16 at 09:21
  • Thanks for the clear answer. But one more thing: how about DNS hijacking? Like setting up a fake DNS server and making others redirect to that? Is it possible? (Seems to be possible to me :D) –  Apr 09 '16 at 11:00
  • @MohammadSiavashi: You can direct others to your own name server, but only for DNS queries which relate to your domain. This would not be DNS spoofing. For hijacking queries which are not for you, you would again need to be a man in the middle, which you aren't. You might try IP spoofing combined with brute-force blind DNS spoofing in the hope that exactly at this time somebody issues a query for the domain you are trying to spoof, with the same port number and query ID you use. Not impossible but very unlikely - and your ISP needs to allow you to spoof IP addresses. – Steffen Ullrich Apr 09 '16 at 12:36