how to forward nmap scan request from host machine to honeypot? - security

I want a box (192.168.29.131) to be protected from cyberattack (in this case an nmap scan). I have a honeypot installed in the same or a different subnet. When an attacker tries to nmap scan the box (192.168.29.131), I want the nmap scan request forwarded to the honeypot instead of the box. Kindly tell me how to achieve this? Thanks in advance.
I created a GRE tunnel between the box and the honeypot using OVS-Switch to achieve this. Kindly feel free to suggest alternative approaches as well.

Related

Virtual Machine with FBCTF

I'm trying FBCTF competition (https://github.com/facebook/fbctf)
My problem is that when I try to add a base level using a VBox machine, and I try to access this machine's network IP, I always get the FBCTF index.php.
The network IP is 192.168.56.1, so I use nmap -p- -A 192.168.56.0/24 to scan for the box, but I can't find the correct one.
Does anyone know why? Am I missing something in the port scan?
Thank you.
It works now. FBCTF is using NAT, so all traffic coming to the computer is being redirected to this IP.
Removing the NAT and using Bridged mode solved the problem.

Issues SSHing to Raspberry Pi From External IP

I've been trying to SSH to my RPi from an external network for a while with little luck. I've followed all the guides and they say all the same things: get SSH set up, port forward on port 22, and then connect using your external IP address. I've been able to easily SSH to the RPi using my internal IP from the same network with no problem, but not from my external IP. This is my configuration for port forwarding:
That is the internal IP for my RPi's ethernet connection. I've tried it with the IP for WiFi as well and it just has the same effect. When I try to SSH using my external IP, it just times out no matter which internal IP is port forwarded (ethernet or WiFi). I've tried it both on PuTTY on my PC and from my Macbook using
sudo ssh pi@my.external.ip.address
It still just times out. The only thing I can think that might be happening is some issue with a firewall, but I have no idea how firewalls work so if this has been seen before and it is a firewall issue, more detailed guide would be nice.
Even if the issue is not known, is there any way to debug the SSH call and see where exactly it's failing when I use the external IP? Any kind of help is greatly appreciated.
I recently struggled through a lot of this with my pi. As alvits suggests, if you are trying to connect to the pi via the LAN it probably won't work. You need to test from an external IP address.
You shouldn't need to sudo either.
If you are still using pi/raspberry as the username and password, change them ASAP. Once the firewall is open it won't take long before you start to see bots trying to log in. I think it was about 30 minutes on my machine. It was interesting for a few days, then annoying. Almost all attacks stopped when I moved off of port 22.
According to this page, it does not appear that my router supports SSH. I was able to find guides online of how to enable it using custom firmware, however I probably won't be attempting that. Thanks for the help anyways!

Finding ethernet addresses with a bash script

I'm working on an assignment where I have to grab the ip addresses of the computers on a local network and attempt to discover the associated ethernet address using a script on linux.
I'm up to the point where my script gets all the addresses but I'm not sure how to get the ethernet addresses using that information. The assignment specification says that 'ip' and 'ping' may be helpful but I'm not sure how to use them to query the other computers for their ethernet address.
Any help would be appreciated.
To look up MAC addresses you could try arp:
/usr/sbin/arp
You may need to provide the explicit path if it's in /usr/sbin and you are not running as root.
Depending on your permissions on the network you can use an nmap ping scan:
nmap -sP 10.168.254.*
or
nmap -sP 10.168.254.0/24
The above command will scan all hosts on the network 10.168.254.0 and will give you both IP and MAC.
This only works for hosts which are up/visible and allow ping replies.
And in your script you will have to filter the output for IP-MAC pairs.
You can achieve many solutions using nmap; this is the tool for you.
First you can ping an IP address, then use arp -a.
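Putting the two answers above together (ping to populate the ARP cache, then read it back), as an added example that is not from the original thread. It uses `ip neigh` from iproute2 rather than the older `arp` tool; the subnet prefix, interface name and sample neighbour-table lines are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread. Sweeps a /24 with one ICMP
# echo per host so the kernel resolves ARP for whoever answers, then reads
# the IP/MAC pairs back from the neighbour table with `ip neigh` (iproute2).
# Assumes Linux; the subnet prefix is supplied by the caller.

# Turn `ip neigh show` output (stdin) into "ip mac" lines. Entries without a
# resolved lladdr (FAILED/INCOMPLETE) and IPv6 neighbours are skipped.
parse_neigh() {
  awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
         for (i = 1; i < NF; i++) if ($i == "lladdr") print $1, $(i + 1)
       }'
}

# Ping every address in prefix.1-254 in parallel (1 s timeout each) so the
# ARP cache fills; output is discarded, only the side effect matters.
sweep() {
  prefix="$1"                       # e.g. 10.168.254
  for i in $(seq 1 254); do
    ping -c 1 -W 1 "$prefix.$i" >/dev/null 2>&1 &
  done
  wait
}

# Full run: sweep, then list the hosts that answered with their MACs.
# Hosts that block ICMP but were recently active may still appear; hosts
# that never exchanged a frame with us will not.
discover() {
  sweep "$1"
  ip neigh show | parse_neigh
}

# Constructed sample of `ip neigh show` output, used for an offline check.
SAMPLE_NEIGH='10.168.254.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
10.168.254.7 dev eth0  FAILED
fe80::1 dev eth0 lladdr 00:11:22:33:44:66 router STALE
10.168.254.20 dev eth0 lladdr aa:bb:cc:dd:ee:ff STALE'

case "${1:-}" in
  --demo) printf '%s\n' "$SAMPLE_NEIGH" | parse_neigh ;;   # offline check
  "")     ;;                                                # sourced / tested
  *)      discover "$1" ;;                                  # ./mac-sweep.sh 10.168.254
esac
```

Run with `--demo` to see the parser on the embedded sample, or with a prefix to sweep a real subnet (needs permission to send ICMP on that network).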

Promiscuous mode in AODV NS2

As I am doing my project on "detection and prevention of black hole attack", I need to monitor the packet flow to the neighbouring node. For that, I need to use promiscuous mode in AODV. I have found some tutorials at the following links, but they too are not complete, and I have never found any other material.
http://www.dcs.warwick.ac.uk/~adhoc1/nshowto1.html
http://greenw.blogspot.in/2006/08/support-promiscuous-mode-in-aodv.html
There is something like "// put your code here" in AODV::tap(const Packet *p), but I don't get what exactly I need to put there so that I will be able to monitor the packet flow.
It will be very helpful if anybody can shed some light on this, as I am very near the end of the course. It's a bit urgent.
Thanking you.
There are several ways to achieve this:
Put the node you want to monitor on a hub port, plug that hub into another port, and use Wireshark to watch traffic from or to that node.
If you are both on the same switch, use port mirroring to watch its traffic.
Linux has a promiscuous-mode feature.

How to catch a PC coming online on the LAN?

I need to know when a specific PC (whose IP and MAC I know) is plugged into the LAN. I want to avoid all polling mechanisms; is it possible under Linux to achieve this? Maybe by sniffing ICMP packets?
Thx
If you are in control of the gateway, you can just sniff traffic and see if there's any from/to that host (through MAC or IP address).
If not, things get complicated, and some sort of polling is needed in most cases - in a switched network, you generally won't see the traffic destined for another host; the surest way of checking "online-ness" would be ARP, possibly by using arping (or doing the ARP requests yourself and sniffing the traffic for ARP replies).
Note that neither of these approaches is "sure-fire" - with tools like powernap, (temporarily) offline hosts can appear to be online.
You can use NMAP to scan your network with a simple ping-type scan to see which hosts are online and which are not. This is a polling mechanism, but unless you can program the routers/switches in your network to tell you when MAC or IP address XYZ has started sending traffic, I don't know of any other way to do this.
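The passive option from the first answer (sniff and watch for ARP traffic from the known host), as an added example that is not part of the original answers. It assumes Linux with tcpdump; the interface name, watched MAC/IP and the sample tcpdump lines are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the original answers. Passive (no polling)
# detection of a known host: watch ARP traffic with tcpdump and report the
# first frame whose source MAC or ARP sender IP belongs to the host we are
# waiting for. Assumes Linux with tcpdump and CAP_NET_RAW; the interface,
# MAC and IP are placeholders supplied by the caller.

# Filter `tcpdump -n -e arp` lines on stdin. With -e the second field is the
# source MAC; "tell <ip>," carries the ARP sender IP of a request. Prints the
# first matching line and exits, which also ends the tcpdump pipe.
first_seen() {
  awk -v mac="$1" -v ip="$2" '
    tolower($2) == tolower(mac) || index($0, "tell " ip ",") > 0 { print; exit }'
}

# Block until the host shows up. -l line-buffers tcpdump so awk sees each
# frame immediately. Caveat from the thread: a host waking from a low-power
# state looks exactly like a host being plugged in.
wait_for_host() {
  iface="$1"; mac="$2"; ip="$3"
  tcpdump -l -n -e -i "$iface" arp 2>/dev/null | first_seen "$mac" "$ip"
}

# Constructed sample of `tcpdump -n -e arp` output for an offline check.
SAMPLE_ARP='12:00:01.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.7, length 28
12:00:02.000002 aa:bb:cc:dd:ee:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.20, length 28
12:00:03.000003 00:11:22:33:44:55 > aa:bb:cc:dd:ee:ff, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28'

case "${1:-}" in
  --demo) printf '%s\n' "$SAMPLE_ARP" | first_seen aa:bb:cc:dd:ee:ff 192.168.1.20 ;;
  "")     ;;                                  # sourced / tested
  *)      wait_for_host "$1" "$2" "$3" ;;     # ./arp-watch.sh eth0 <mac> <ip>
esac
```

On a switched network you only see broadcast ARP requests from the host (plus replies addressed to you), which is exactly why this works without mirroring: a freshly connected host almost always sends ARP for its gateway.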
