Re: (woody) ip_forward from "1" to "0" after an arp spoof
Riccardo Tortorici wrote:
Hi all,
I noticed this strange (?) behaviour:
i'm the admin of a debian woody workstation used by many clients as a
gateway to another network. Of course I have the ip_forward set to "1"
and everything go ok.
I tried to arp spoof a host with ettercap and suddenly all the clients
were disconnected. I checked ip_forward and it was "0"!
I tried another time during the normal packet forwarding and it
happened again. So the ip_forward switch from 1 to 0 when you try to do
arp spoofing. How can it be possible?
Thanks in advance
regards,
from man ettercap:
KNOWN-BUGS
- It is better that you don't launch ettercap on a host that is
a gateway because man-in-the-middle attacks
require to disable ip_forwarding, it may cause problem with
routing. But if you want to scan the LAN passively
the gateway is the right place to run ettercap... so be aware of
what you are doing.
I RTFM :)
--
- Riccardo Tortorici -
Linux Registered User #365170
Count yourself @ http://counter.li.org/ !
--
HTML email can be dangerous, is not always readable, wastes bandwidth
and is simply not necessary please don't send them to me!
If you don't know what I0m talking about please read this:
http://www.georgedillon.com/web/netiquette.shtml#charity
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
18 Bottiglie di eccellenti vini Giordano + 7 specialità alimentari +
* 1 carrello dispensa "Servant" in legno massiccio Tutto a metà prezzo!
*
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2621&d=2-9
Reply to: