• Quote of the week

    “In his final pamphlet of this series, No Treason No. 6, "The Constitution of No Authority," Spooner broke new ground by demolishing the theory of tacit consent. Spooner argued that merely living in a certain geographic area under control of a government, or voting in government elections, in no way implied one's consent to the government of that territory. Elections mean nothing; for Spooner showed that a majority of people never vote, and of those who do, the number supporting the elected candidates is so small (as a percentage of the population) as to be ludicrous. "Elections are secret; therefore, you cannot call representatives legal agents, since they do not know specifically whom they do represent." Therefore, having voted in an election in no formal way demonstrates that one consented to anything. "On the question of the Constitution itself, no vote ever had been taken, and as a legal contract the Constitution has no validity."
    -- No Treason, Lysander Spooner

GhostInTheNet – Hide in network like a Ghost – GitHackTools – Security Toolkit for Pentesters

GhostInTheNet
Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan

How it works
The basic and primary network protocol is ARP for IPv4 and NDP (ICMPv6) for IPv6, located in the link and network layer, provides main connectivity in a LAN.
Despite its utility and simplicity, it has numerous vulnerabilities that can lead to a MITM attack and leak of confidentiality.
Patching of such a widely used standard is a practically impossible task.

A very simple, but at the same time effective solution is to disable ARP and NDP responses on an interface and be very cautious with broadcasting.
Considering the varieties of implementations, this means that anyone in the network wouldn’t be able to communication with such host, only if the host is willing it-self.
The ARP/NDP cache will be erased quickly afterwards.

Here is an example schema:
A >>> I need MAC address of B >>> B
A <<< Here it is <<< B
A <<< I need MAC address of A <<< B
A >>> I’m not giving it >>> B
A <<< F*CK YOU! <<< B

To increase privacy, it’s advised to spoof the MAC address, which will provide a better concealment.
Moreover, the hostname has to be changed (especially if using DHCP).
All this is possible using simple commands in Linux kernel and a script that automates it all.

Analysis
No ARP/NDP means no connectivity, so an absolute stealth and obscurity on the network/link layer.
This protects from all possible DOSes and MITMs (ARP, DNS, DHCP, ICMP, Port Stealing) and far less resource consuming like ArpON.
Such mitigation implies impossibility of being scanned (nmap, arping).

Besides, it doesn’t impact a normal internet or LAN connection on the host perspective.
If you’re connecting to a host, it will be authorised to do so, but shortly after stopping the communication, the host will forget about you because, ARP/NDP tables won’t stay long without a fresh request.
Regarding the large compatibility and cross-platforming, it’s very useful for offsec/pentest/redteaming as well.

You see everyone, but nobody sees you, you’re a ghost.
Mitigation and having real supervision on the network will require deep reconfiguration of OSes, IDPSes and all other equipement, so hardly feasible.

Examples & how to use this tool is at:  GhostInTheNet – Hide in network like a Ghost – GitHackTools – Security Toolkit for Pentesters

Similar Posts:

Total Page Visits: 237 - Today Page Visits: 5

2 Comments:

  1. Im not positive where you are getting your information, however great topic. I needs to spend some time learning more or understanding more. Thank you for great info I was looking for this info for my mission.

  2. Thank you for sharing with us, I conceive this website truly stands out : D.

Leave a Reply

Your email address will not be published. Required fields are marked *

  • Your online freedom is just seconds away.

    Buy VPN with Bitcoin, PayPal, Credit Card | Get Your First 30 Days FREE

  • Famous Quotes In History

    "I think the subject which will be of most importance politically is mass psychology....Although this science will be diligently studied, it will be rigidly confined to the governing class. The populace will not be allowed to know how its convictions were generated."
    -- Bertrand Russell in The Impact of Science on Society  
     
    “Beware the leader who bangs the drums of war in order to whip the citizenry into a patriotic fervor, for patriotism is indeed a double-edged sword. It both emboldens the blood, just as it narrows the mind. And when the drums of war have reached a fever pitch and the blood boils with hate and the mind has closed, the leader will have no need in seizing the rights of the citizenry. Rather, the citizenry, infused with fear and blinded by patriotism, will offer up all of their rights unto the leader and gladly so. How do I know? For this is what I have done. And I am Caesar.”
    – Julius Caesar  
     
    Past Famous Quotes | Archive