GhostInTheNet: protects Linux from MITM/DOS/scan


GhostInTheNet is an Ultimate Network Stealther that makes Linux a Ghost In The Net and protects it from MITM/DOS/scan.

Properties:

  • Network Invisibility
  • Network Anonymity
  • Protects from MITM/DOS
  • Transparent
  • Cross-platform
  • Minimalistic

Dependencies:

  • Linux 2.4.26+ – will work on any Linux-based OS, including Whonix and RaspberryPI
  • BASH – the whole script
  • root privileges – for kernel controlling

Limitations:

  • You can still be found with VLAN logs if using Ethernet, or by triangulation/broadcast if using WiFi
  • MAC spoofing won’t work if appropriate mitigations have been taken, like DAI or sticky MAC
  • Might be buggy with some Cisco switches
  • Not suitable for production servers


How GhostInTheNet works:

The basic and primary network protocols, ARP for IPv4 and NDP (ICMPv6) for IPv6, sit in the link and network layers and provide the main connectivity in a LAN.

Despite their utility and simplicity, they have numerous vulnerabilities that can lead to a MITM attack and loss of confidentiality.

Patching of such a widely used standard is a practically impossible task.

A very simple, but at the same time effective solution is to disable ARP and NDP responses on an interface and be very cautious with broadcasting.

Across the variety of implementations, this means that no one on the network is able to communicate with such a host unless the host itself is willing to.

The ARP/NDP cache will be erased quickly afterward.
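
A defender-side check for the state described above, as an added example that is not GhostInTheNet's own code: it reports whether a Linux interface will answer ARP requests, assuming silence is configured through the kernel's `arp_ignore` sysctl (value 8) or the interface's NOARP link flag. The function names and the overridable `PROC_SYS`/`SYS_NET` paths are hypothetical, and NDP is not covered.

```shell
#!/bin/sh
# Added example: does this Linux interface answer ARP requests?
# Assumption: ARP silence is set via arp_ignore=8 or the NOARP link flag.
# PROC_SYS / SYS_NET are hypothetical overrides for testing on a constructed tree.
PROC_SYS="${PROC_SYS:-/proc/sys}"
SYS_NET="${SYS_NET:-/sys/class/net}"

# Print the file's content, or the given default if it is unreadable.
read_or() {
    if [ -r "$1" ]; then cat "$1"; else printf '%s\n' "$2"; fi
}

# The kernel uses max(conf/all, conf/<iface>) when an ARP request arrives.
effective_arp_ignore() {
    all=$(read_or "$PROC_SYS/net/ipv4/conf/all/arp_ignore" 0)
    ifc=$(read_or "$PROC_SYS/net/ipv4/conf/$1/arp_ignore" 0)
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# IFF_NOARP (0x80) in the link flags means ARP is off entirely on the link.
has_noarp_flag() {
    flags=$(read_or "$SYS_NET/$1/flags" 0x0)
    [ $(( $flags & 0x80 )) -ne 0 ]
}

# Prints "silent:<reason>" or "responds:arp_ignore=<n>" for one interface.
arp_state() {
    if has_noarp_flag "$1"; then
        echo "silent:noarp"
        return 0
    fi
    v=$(effective_arp_ignore "$1")
    # arp_ignore 8 = do not reply for any local address; 0-3 still reply.
    if [ "$v" -ge 8 ]; then
        echo "silent:arp_ignore=$v"
    else
        echo "responds:arp_ignore=$v"
    fi
}

# Usage: sh arp_state.sh eth0 wlan0
for iface in "$@"; do
    printf '%s\t%s\n' "$iface" "$(arp_state "$iface")"
done
```

An interface reported as `responds` still answers ARP and so remains visible to `arping` and ARP-based host discovery.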

 


Analysis:

No ARP/NDP means no connectivity, and therefore absolute stealth and obscurity at the network/link layer.

This protects from all possible DoS and MITM attacks (ARP, DNS, DHCP, ICMP, Port Stealing) and is far less resource-consuming than tools like ArpON.

Such mitigation implies the impossibility of being scanned (nmap, arping).

Besides, it doesn’t impact a normal internet or LAN connection from the host's perspective.

If you’re connecting to a host, it will be authorized to do so, but shortly after stopping the communication, the host will forget about you because ARP/NDP tables won’t stay long without a fresh request.

Given its broad compatibility and cross-platform support, it’s very useful for offsec/pentest/red teaming as well.

 
