GhostInTheNet
GhostInTheNet is an Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan.
Properties:
- Network Invisibility
- Network Anonymity
- Protects from MITM/DOS
- Transparent
- Cross-platform
- Minimalistic
Dependencies:
- Linux 2.4.26+ – will work on any Linux-based OS, including Whonix and Raspberry Pi
- BASH – the whole script
- root privileges – for kernel controlling
Limitations:
- You can still be found with VLAN logs if using ethernet or by triangulation/broadcast if using WiFi
- MAC spoofing won’t work if appropriate mitigations have been taken, like DAI or sticky MAC
- Might be buggy with some Cisco switches
- Not suitable for production servers
How GhostInTheNet works:
The basic and primary network protocols, ARP for IPv4 and NDP (ICMPv6) for IPv6, sit in the link and network layers and provide the main connectivity in a LAN.
Despite its utility and simplicity, it has numerous vulnerabilities that can lead to a MITM attack and leak of confidentiality.
Patching of such a widely used standard is a practically impossible task.
A very simple, but at the same time effective solution is to disable ARP and NDP responses on an interface and be very cautious with broadcasting.
Considering the variety of implementations, this means that no one on the network would be able to communicate with such a host unless the host itself is willing to.
The ARP/NDP cache will be erased quickly afterward.
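To check from the host side whether an interface still answers ARP, here is an added example (not part of the GhostInTheNet script) that reads `sysctl -a`-style text and reports the effective ARP reply policy per interface. It assumes the behaviour is visible through the kernel's `arp_ignore` and `arp_announce` sysctls, which is not necessarily how GhostInTheNet does it. It covers IPv4 ARP only, and the function names and sample dump are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of the kernel's ARP reply settings.
# Input is `sysctl -a`-style text; nothing on the host is changed.

# Constructed sample dump (not taken from a real host).
SAMPLE_SYSCTL='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 8
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.wlan0.arp_ignore = 1
net.ipv4.conf.wlan0.arp_announce = 0'

# effective_knob DUMP IFACE KNOB
# The kernel applies max(conf.all.KNOB, conf.IFACE.KNOB) to the interface.
effective_knob() {
    printf '%s\n' "$1" | awk -F' *= *' -v i="$2" -v k="$3" '
        BEGIN { all = "net.ipv4.conf.all." k; own = "net.ipv4.conf." i "." k }
        ($1 == all || $1 == own) && ($2 + 0 > max) { max = $2 + 0 }
        END { print max + 0 }'
}

# arp_posture DUMP IFACE -> "<state> ignore=N announce=N"
arp_posture() (
    ignore=$(effective_knob "$1" "$2" arp_ignore)
    announce=$(effective_knob "$1" "$2" arp_announce)
    if [ "$ignore" -ge 8 ]; then
        state=silent        # 8: never reply to ARP for any local address
    elif [ "$ignore" -ge 1 ]; then
        state=restricted    # 1-3: reply only under narrower conditions (4-7 reserved)
    else
        state=default       # 0: reply for any local address, any interface
    fi
    echo "$state ignore=$ignore announce=$announce"
)

# Demo on the constructed dump; on a live host pass "$(sysctl -a 2>/dev/null)".
for ifc in eth0 wlan0; do
    printf '%s: %s\n' "$ifc" "$(arp_posture "$SAMPLE_SYSCTL" "$ifc")"
done
```

An interface reported as `default` answers ARP for every local address, which is the behaviour the approach above is meant to switch off.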
Analysis:
No ARP/NDP means no connectivity, and therefore absolute stealth and obscurity on the network/link layer.
This protects from all possible DOSes and MITMs (ARP, DNS, DHCP, ICMP, Port Stealing) and is far less resource-consuming than something like ArpON.
Such mitigation implies the impossibility of being scanned (nmap, arping).
Besides, it doesn’t impact a normal internet or LAN connection from the host's perspective.
If you’re connecting to a host, it will be authorized to do so, but shortly after the communication stops, the host will forget about you, because ARP/NDP table entries won’t stay long without a fresh request.
Given its broad compatibility and cross-platform nature, it’s very useful for offsec/pentest/redteaming as well.