3

How can I prevent my route to be redirected with redirecting ICMP packets from a man-in-the-middle?

I am specifically looking to avoid someone using ettercap with the -M icmp option. From man ettercap:

 icmp (MAC/IP)
                     This attack  implements  ICMP  redirection.  It  sends  a
                     spoofed  icmp  redirect  message  to the hosts in the lan
                     pretending to be a better route for internet. All connec‐
                     tions  to  internet  will  be  redirected to the attacker
                     which, in turn, will forward them to  the  real  gateway.
                     The  resulting  attack  is  a  HALF-DUPLEX mitm. Only the
                     client is redirected, since the gateway will  not  accept
                     redirect  messages  for  a directly connected network. BE
                     SURE TO NOT USE FILTERS THAT MODIFY THE  PAYLOAD  LENGTH.
                     you  can  use  a filter to modify packets, but the length
                     must be the  same  since  the  tcp  sequences  cannot  be
                     updated in both ways.
                     You  have  to pass as argument the MAC and the IP address
                     of the real gateway for the lan.
                     Obviously you have to be able to sniff all  the  traffic.
                     If  you  are on a switch you have to use a different mitm
                     attack such as arp poisoning.
user123456
  • 520
  • 1
  • 4
  • 13

1 Answers1

1

To drop IGMP and ICMP:

iptables -A INPUT -p ICMP -j DROP
iptables -A OUTPUT -p ICMP -j DROP

iptables -A INPUT -p IGMP -j DROP
iptables -A OUTPUT -p IGMP -j DROP
user123456
  • 520
  • 1
  • 4
  • 13