[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <B0DF0180764CDC4888BACFD27C84125F08AE615D@stl02mexc11.corp.chartercom.com>
From: RCompton at chartercom.com (Compton, Rich)
Subject: RE: The ArpSucker is b0rn! Be yourself, be the net.
What does this do that ettercap doesn't already do (by default at startup)?
-----Original Message-----
From: Alpt [mailto:alpt@...aknet.org]
Sent: Monday, September 13, 2004 3:05 PM
To: primavera@...aknet.org
Cc: hackmeeting@...zz.org; hackers@...e.org; ml@...urezza.org;
bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com;
security-alerts@...uxsecurity.com
Subject: The ArpSucker is b0rn! Be yourself, be the net.
Importance: High
Freaknet Death C is pride to present ya:
}----------------- (The ArpSucker) ----------------{
Hi folks,
Did you ever dreamed to become the net, to be a big, bad, black, black,
black hole?
Yep! I did.
This code was made the "12 Sept 2004".
It started to dawn and I, Tomak and Nirvana, after eating some food,
started to rave.
Tomak downloaded fakeap.pl; But I also wanted to give my good amount of
death.
So I told: <<Why not fakeip?>>. Tomak: <<Yea, good idea, but why don't
you wake up all those sleeper with a sane System of a Down's song?>>
After a while,
I started to code TheArpSucker...
Then Elibus, Pallotron were my favourite guinea pigs for direct attacks.
The idea is simple: we add all the ip we want to become in the arp cache of
all the machines. Yes, it's the normal arp poisoning, but we want to become
the ENTIRE NETWORK!
The tests of the global arp cache smashing were successful, I became the
entire
10.0.0.x and 10.0.1.x network. All the packets went to me and, with the
ip_forward
activated, I resent them to the real destination.
Then when I tried to become all the 2^32-1 IPs, I realized that the attacked
machine
(elibus and pallotron, eheheh), were under a mortal DoS. The Elibus' machine
was
constantly at 100% of cpu until Elibus unplugged the eth0 cable, while the
Pallotron's
machine went in kernel panic!. Elibus uses an x86 arch with the linux
kernel, pallotron
uses An Apple I-book, with MacOsx.
Asbesto was giving his blessing to spread death in our bicazzo network, and
Elibus died
because he didn't want to share his gprs connection, AHHAHAHAHA.
- E l i B u S -
RIP.
He was a good guinea pig
(^_^)
That was an happy day!
So, here it is the code, Here I spread the src in the wired.
The ArpSucker is a patch to arping of iputils:
http://www.freaknet.org/alpt/src/p0f-TheArpSucker-iputils-ss020927.patch
You can get the right version of iputils here:
http://www.freaknet.org/alpt/src/iputils-ss020927.tar.gz
These are the .md5 files:
http://www.freaknet.org/alpt/src/p0f-TheArpSucker-iputils-ss020927.patch.md5
http://www.freaknet.org/alpt/src/iputils-ss020927.tar.gz.md5
Have Fun
Fuck to `cat /dev/urandom`
I love ya
--
:wq!
"I don't know nothing" The One Who reached the Thinking Matter '.'
[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9 5277 BFF8 037E 441C F0EE ]
Powered by blists - more mailing lists