protocolunique
-
Content Count
28 -
Joined
-
Last visited
Posts posted by protocolunique
-
-
kpd yg berminat network forensic covert channell anaysis
-
kpd yg berminat network forensic covert channell anaysis
-
-
gambar ikon pelakun ni dah murtad..tukarkan lah...
-
Tq bro Umarzuki ...
minggu ni ade 1 lagi ....register just pm inbox saya..
-
Kursus Asas Network Intrusion Prevention System http://suricata-ids.org akan diadakan 26/07/2015 bertempat di seri kembangan kpd sesiapa yg berminat utk mendapat pengalaman mengunakan suricata buat pertama kali sila pm inbox saya utk sbrg pertanyaan/pendaftaran..TQ
-
berminat sila pm arora_rafjani Facebook-id
pls like/comment...
kelas Evasion Analysis with wireshark& snort..
https://www.facebook.com/pages/ProtocolSniffer/750764394981515
-
-
sila layari utk info lanjut ..download mane yg berkenan
https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20video%20and%20slides/
-
Salam utk bulan 2 ni saya openkan 3 kelas worshop utk beginner spt 1. Workshop haproxy-snort utk prtotection hack at http layer attack 2. Workshop Setup Thin Cleint dan Content filtering 3. Linux system admin plus setup apache/dns/ftp/nfs/samba/dhcp maklumat lanjut sila ke http://protocolunique.com tq -
Salam
Syarikat kami ade menyediakan kursus asas
Wireshark/snort [b]1-2/12/2012[/b]
Modsecurity Web Application Firewall(WAF) [color=#CC6600][color=#006600][color=#000099][b]8-9/12/2012[/b][/color][/color][/color]
Hands-On lab:
Installation/configuration/tuning
Analysis/Synthesis Network Forensic Technique
Learning Packet Injection Method with Tools
Common Application Protocol Analysis arp/rarp,dhcp,ip,tcp,udp,icmp
Common Application Protocol Analysis HTTP,FTP,Telnet,ssh,smtp,pop,dns
Analysis Basic Intrusion Network Threat p2p,network worm,dos/ddos
Utk sebarang pertanyaan/maklumbalas sila ke [url="http://protocolunique.com"]protocolunique.com[/url] -
Jgn lupa content filtering ..firewall juga -
salam
Basic protocol anomaly utk detect Heade Web Scanner Http anomaly http://protocolunique.com/waf.html -
Ultrasurf dan vtunnel ialah program proxy yg digunakan utk bypass proxy. disini sy sertakan link cara simple nak blok ultrasurf dan https://vtunnel.com mengunakan apks advanced portknocking
http://protocolunique.com/artikel8.html harap berkongsi pandangan/ilmu. -
Salam bagi sesiapa yg berminat mendalami dan menguuasai tcp-ip dgn mengunakan linux tools sila ke http://protocolunique.com -
Di sini ade beberapa artikel ttg security tools ..harap dpt membantu.tq http://protocolunique.com -
bagus tu..dptkenal2 tukar2 knowledge..bila nak set..insyallah sy datang -
http://networksecuritytoolkit.org ni guna fedora 11 gak..ok juga byk tool security nak compile just yum install gcc-c++ or yum install kernel-source
http://www.clearfoundation.com/Software/overview.html ni pun ok ringan juga tapi guna centos 5.1 ..good for firewall/ips/spamfilter -
Course 1
Course Introduction
The TCP/IP protocol suite is the foundation of the Internet. TCP/IP is robust, scalable and offers a choice of reliable transport or simplistic, unreliable transport. All these attributes lead to a protocol suite that is complex and highly sophisticated. That is where network sniffing plays a useful role. Network sniffing refers to the listening and capturing of all or selected packets of network traffic, traveling over a network, and thus, provide a basis for analysis or investigation needed in trouble-shooting the network.
You will learn
-Fundamental of TCP/IP
-basic skill to effectively set up TCP/IP networks
-How to understand and construct secure,robust local area network
-How to diagnose and fix problems with TCP/IP utulities
-How to plan and design improved networks
-How to troubleshoot TCP/IP Networks
-How to use Protocol Analyser to diagnose real TCP/IP problems
Course Pre-requisites
To gain the most from this course, participants should know a little on TCP/IP networking and Ethernet technology. Important aspects of TCP/IP and Ethernet relevant to sniffing will be reviewed briefly. Some exposure to UNIX will be useful but not essential.
Course Duration
This course will run for 2 consecutive days. The first day will provide a brush up skills on network as well as explain the purpose and usage of network sniffers. The second day will provide an in dept training on how a sniffer could be used to help diagnose and trouble shoot problem on the network.
Course Outline
Day 1
Quick Overview
Review of TCP/IP
Review of TCP/IP Headers
Review of Netmask Calculation
Review of Ethernet Networking
Network Sniffing Principles
What is Promiscuous Mode?
Switching in an Ethernet Hub environment
Switching in a switched environment
Simple Sniffing Exercise
Using the TCPdump/Wireshark/tshark network Sniffer
Introduction to TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture ARP/RARP Traffic with TCPdump/Tcpick/Tcptrack/Arpon
How to capture ICMP Traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture UDP Traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture TCP Traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
Complex Filtering Rules
Extensive Practices
Using the Wireshark/tshark network Sniffer for baseline Analyse
Domain Name System(DNS)
Address Resolution Protocol(ARP) traffic
Internet Protocol Ver 4(IPV4)
Internet Control Message traffic(ICMP)
User Datagram Protocol(UDP) traffic
Transmission Control Protocol(TCP) traffic
Dynamic Host Configuration Protocol(DHCP) traffic
Hypertext Transfer Protocol(HTTP) traffic
-Understanding Packet Structure
-Filter on each layer
-Analyze Normal/Unusual Traffic/abnormal
Day 2- Advance Network Troubleshooting with packet sniffer
Troubleshooting TCP/IP Network
Using Sniffers to Debug the Network
Examples of how to trouble shoot a network problem (ARP, DHCP, TCP,ICMP etc)
Unique Troubleshooting with Sniffers
Principles/Methodology
Port scanners
-nmap/unicornscan/sinfp/arp-scan
Os fingerprinting
-p0f/disco/unicornscan/sinfp
honeynet/honeypot
-labrea/honeyd/netwox
Packet Generator
-arp-sk/netwox/tcpreplay/bitwistb
PortKnocking
-aldaba-suite/honeyd/knockd
Examples
Denial of service(DOS)
-layer 2 attack and countermeasure
-layer 4 attack and countermeasure
Simple Sniffing and Intrusion Detection System
Sniffing and Intrusion Detection
Sniffing and Computer Forensics
Open Discussion Section
Participants are encouraged to bring their
Problems and questions for discussion
About the Practical Sessions
All the practice session will be conducted in Windows and Linux based machines using the TCPdump and Wireshark packet sniffer.
The practical sessions will include the following:
1. Sniffing all traffic to a host.
2. Sniffing selected traffic to a host based on protocol and ports.
3. Sniffing all traffic to a subnet.
4. Sniffing group of traffic
4. Sniffing selected traffic to a subnet based on protocol and ports.
5. Complex sniffing filters involving different protocols and many ports.
6. Analyzing network traffic in depth with Wireshark
7. TCP exchange following.
8. Large capture files manipulation for analysis.
9. Network troubleshooting with sniffers.
Livecd:pentoo-nsttoolkit
Slackware Linux
virtual box(virtual machine)
window xp/2003/vista tools
sila berhubung dgn saya
[email protected] -
kawalan if saya guna teknik netwok packet injection ia tak lah susah sgt mcm spt
http://putera.forumotion.com/sistem-rangkaian-f28/macam-mana-nak-control-network-printer-t6432.htm?sid=f24080abfe6e862d088f0a6999dff68e
hanya perlukan satu pc terpakai tak payah power sgt ram256 celeron pun ok...gunakan slackware ni..http://hardenedlinux.sourceforge.net/ insyallah blacklist dan whitelist anda yg setkan..cth lain
http://forum.kolejshahputra.edu.my/viewtopic.php?f=14&t=3391
if anda perlukan bantuan sila email saya je -
sy akan gunakan pendekatan packet injection iaitu layer 2 utk locking to printer tu
caranye simple:
(hanya pc 10.4.3.200 ----->printer 10.4.3.1)
1 subnet ade 100 ip ...setkan 1 pc je ug boleh access ke printer
define ip whitelist=10.4.3.200 mac=1:1:1:1:1:a
define ip blacklist=10.4.3.XX mac=1:x:x:x:x:x katakan 99 ip
printer ip =10.4.3.1 mac=a:a:a:a:a:a
saya gunakan arp-sk http://sid.rstack.org/arp-sk/
satu pc linux utk kawal injectkan cmd spt berikut:
###
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.2 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.3 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
#
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.4 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.5 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.6 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.7 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.8 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.9 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.10 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.11 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.12 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.13 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.14 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.15 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.16 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.17 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.18 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.19 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.20 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.21 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.22 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.23 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.24 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.25 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.26 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.27 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.28 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.29 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.30 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.31 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.32 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.33 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.34 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.35 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.36 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.37 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.38 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.39 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.40 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.41 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.42 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.43 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.44 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.45 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.46 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.47 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.48 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.49 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.50 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.51 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.52 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
##
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.53 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.54 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.55 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.56 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.57 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.58 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.59 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.60 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.61 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.62 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.63 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.64 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.65 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.66 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.67 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.68 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.69 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.70 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.71 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.72 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.73 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.74 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.75 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.76 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.77:00:1d:0f:c2:0e:b1 -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.78 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.79 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.80 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.81 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.82 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.83 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.84 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.85 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.86 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.87 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.88 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.89 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.90 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.91 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.92 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.93 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.94 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.95 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.96 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.97 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.98 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.99 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.100 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.101 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.102 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.103 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.104 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.105 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.106 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.107 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.108 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.109 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.110 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.111 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.112 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.113 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.114 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.115 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.116 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.117 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.118 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.119 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.120 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.121 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.122 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.123 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.124 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.125 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.126 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.127 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.128 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.129 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.130 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.131 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.132 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.133 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
##
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.134 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.135 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.136 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.137 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.138 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.139 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.140 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.141 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.142 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.143 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.144 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.145 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.146 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.147 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.148 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.149 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.150 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.151 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.152 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.153 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.154 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.155 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.156 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.157 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.158 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.159 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.160 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.161 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.162 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.163 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.164 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.165 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.166 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.167 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.168 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.169 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.170 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.171 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.172 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.173 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.174 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.175 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.176 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.177 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.178 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.179 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.180 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.181 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.182 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.183 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.184 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.185 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.186 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.187 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.188 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.189 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.190 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.191 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.192 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.193 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.194 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.195 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.196 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.197 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.198 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.199 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.200:1:1:1:1:1:a -d 10.4.3.1 -c 99999999 -T 10 & #------>ni whitelist
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.201 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.201 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.202 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.203 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.204 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.205 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.206 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.207 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.208 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.209 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
##
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.210 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.211 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.212 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.213 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.214 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.215 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.216 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.217 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.218 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.219 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.220 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.221 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.222 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.223 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.224 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.225 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.226 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.227 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.228 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.229 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.230 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.231 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.232 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.233 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.234 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.235 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.236 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.237 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.238 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.239 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.240 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.241 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.242 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.243 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.244 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.245 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.246 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.247 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.248 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.249 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.250 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.251 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.252 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.253 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
/usr/local/sbin/arp-sk -r -i eth3 -S 10.4.3.254 --rand-arp-hwa-src -d 10.4.3.1 -c 99999999 -T 10 &
saya terangkan sikit -S adalah source ip(spoof) dan --rand-arp-hwa-src adalah spoof mac address berubah2 setiap 10 saat injection tersebut jadi arp cache bg printer akan di spoof/poison bila shj ade penguna blacklist cuba link tu printer...
so selesai sudah layer 2 injection kita ctrl mac-ip then focuskan pd pc 10.4.3.200 --->hardenkan sistem 10.4.3.200 spt saranan saudara2 disini juga ...jadi tak perlu nak pantau sgt sapa yg guna kita force hanya ip-mac address 10.4.3.200. -
arp adalah salah satu protocol dlm layer 2
ade beberapa jenis iaitu static/dynamic arp,gratious arp dan proxy arp
Ujian ni melibatkan 2 pc dan satu router dicompile dalam
http://hardenedlinux.sourceforge.net/ os based on slackware
2 tools ..arpon http://arpon.sourceforge.net/ utk pen test guna arp-sk http://sid.rstack.org/arp-sk/
pastikan beberapa libdnet ..libnet...libpcap diinstall terlebih dahulu.
Utk compile arpon-gunakan cmd ni #gcc -g -lpthread -Wall -Werror -lpcap -ldnet -lnet -L/usr/local/lib -I/usr/local/include -DLINUX -o arpon arpon.c /usr/local/lib/libpcap.a /usr/lib/libnet.a /usr/local/lib/libdnet.a
Router(192.168.1.1) <------->pc (arpon)192.168.1.10<----------->pc(arp-sk)-192.168.1.33
192.168.1.1-11:11:22:aa:bb:cc
192.168.1.10-11:11:11:11:11:11
Teknik arp spoof or arp reply attack akan dilaksanakan oleh attacker/pentest utk spoofkan fillup arpcache sama ke router or ke pc(arpon) cth cmd spt
1. pc(arp-sk)#arp-sk -i eth0 -r -S 192.168.1.10:AA:CC:DD:EE:11:12 -d 192.168.1.1 -c 100 -T 2 atau
2.pc(arp-sk)#arp-sk -i eth0 -r -S 192.168.1.10 --rand-arp-hwa-src -d 192.168.1.1 -c 100 -T 2
or
1.pc(arp-sk)#arp-sk -i eth0 -r -S 192.168.1.1:1A:BB:CC:DD:EE:AA -d 192.168.1.10 -c 100 -T 2
2.pc(arp-sk)#arp-sk -i eth0 -r -S 192.168.1.1 --rand-arp-hwa-src -d 192.168.1.10 -c 100 -T 2
Ade perbezaan cmd diatas satu gunakan static arp reply dan random arp hwa src address manakala -c ialah beberapa kali packet arp dihantar manakala -T ialah every 2 second.
Result if tak de protection pc-192.168.1.10 tdk berkomunikasi dgn router.Salah satu cara yg biasa kita lakukan ialah bg kes window mmg vulnerable utk linux just runkan ifconfig eth0 -arp dan masukan static arp static gunakan cmd arp -s 192.168.1.1 11:11:22:aa:bb:cc. Tapi dgn adenye arpon tdk perlu lagi hanya perlu runkan 2 cmd ni iaitu
arpon -i eth0 -s& dan arpon -i eth0 -y& tetapi masih belum cukup lagi sebab protection hanya utk pc 192.168.1.10 so kena gabungkan dgn arp-sk utk fillup ke router semula dgn cmd #pc(arp-sk)#arp-sk -i eth0 -r -S 192.168.1.10:11:11:11:11:11:11 -d 192.168.1.1 -c 100 -T 2 -
nak mudah gunakan live redwall-firewall
sudah ade squid + dansguardian ..ntop pun ade...
endian firewall pun mudah install ade web filtering /snort ids
utk bagus tambahkan honeynet ...utk mudahkan anda gunakan
http://www.networksecuritytoolkit.org/nst/index.html dah ade multitap tapping
ade iptables...snort..p0f(os fingerprinting)..honeyd dan netwox gabungan netwox 73 boleh create virtual ip-mac address yg berbeza disamping peranan honeyd sbg pembuka open port or proxy ke high interaction honeynet.. -
cadangan projek dynamic honeynet system
objective:
to detect/mitigate worm/portscan attack
to falsefy os fingerprinting attack
to confuse hacker/attacker
to locking system ethernet layer
Tools:honeyd + netwox + arpon + arp-sk + ossec
deployment:
1.dlm Lan/vlan.
2.dlm dmz
3.dlm external public ip
honeyd mempunyai satu mechanism terdiri dr dynamic template(3 jenis detect)
1.Source ip
2.Time based
3.Os fingerprinting (based on p0f)
static template boleh open/closed/reset port tcp-udp-icmp---->proxy to other Sistem komputer
Kursus Percuma Metasploit reverse shell analysis
in Pensijilan
Posted · Report reply
https://www.facebook.com/events/1647969528817113/