diff options
| author | Ryan Schanzenbacher <ryan@rschanz.org> | 2023-03-08 16:30:34 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-08 16:30:34 -0500 |
| commit | f8616c8274a9b2e378f57e98f0d17b61358b00c3 (patch) | |
| tree | dee7a08055eaef404c4a1fd7bcdbd5a356044aeb | |
| parent | e75179f41c5d50dd62c60f572182b8178ed03e94 (diff) | |
Update README.md
Added information about the packet_dropper_new.c file
Specifically the usage of ICMP type 2 packets to trigger a payload
| -rw-r--r-- | README.md | 6 |
1 files changed, 3 insertions, 3 deletions
| @@ -13,18 +13,18 @@ mount -t bpf bpf /sys/fs/bpf | |||
| 13 | This command should return no errors. Next, ensure the package xdp-loader is installed. This package is provided in `xdp-tools`. Finally, load the driver on the interface you want to "attack" (found using `ip a`). | 13 | This command should return no errors. Next, ensure the package xdp-loader is installed. This package is provided in `xdp-tools`. Finally, load the driver on the interface you want to "attack" (found using `ip a`). |
| 14 | 14 | ||
| 15 | ``` | 15 | ``` |
| 16 | xdp-loader load {interface_name} packet_dropper.o | 16 | xdp-loader load {interface_name} packet_dropper_new.o |
| 17 | ``` | 17 | ``` |
| 18 | 18 | ||
| 19 | ### Usage | 19 | ### Usage |
| 20 | 20 | ||
| 21 | Now that the driver is loaded, it is active. Nothing will appear to have changed on the host system (however if you run `ip a` now you will see a new "xdp" entry after the interface mtu. On a separate system, craft an IP packet with the source address equal to `223.255.254.115` and the destination equal to the computer with the tainted interface. There can be any payload encapsulated within the IP packet, this is discarded. A sample python script utilizing scapy has been provided. When this packet is sent, all IP communication from the tainted interface will be blocked, effectively disabling the computers communication with the outside world. Note: Layer 2 communication (like ARP) will still be allowed to ensure connectivity can be restored. If you send the specially crafted packet again, IP communication will be allowed through again, like a toggle. | 21 | Now that the driver is loaded, it is active. Nothing will appear to have changed on the host system (however if you run `ip a` now you will see a new "xdp" entry after the interface mtu. On a separate system, craft an IP packet with the source address equal to `223.255.254.115` and the destination equal to the computer with the tainted interface. There can be any payload encapsulated within the IP packet, this is discarded. A sample python script utilizing scapy has been provided. Or, you can send a legitimate ICMP packet with the type of 2 to trigger the payload as well. An example C program has been included showing this. When this packet is sent, all IP communication from the tainted interface will be blocked, effectively disabling the computers communication with the outside world. Note: Layer 2 communication (like ARP) will still be allowed to ensure connectivity can be restored. If you send the specially crafted packet again, IP communication will be allowed through again, like a toggle. |
| 22 | 22 | ||
| 23 | ### Build information | 23 | ### Build information |
| 24 | 24 | ||
| 25 | A prebuild version has been provided, however to build you can do the following. You need the linux headers, libbpf headers, libxdp headers and clang. Once you have all of these installed, run the following command to build the object file that can be loaded: | 25 | A prebuild version has been provided, however to build you can do the following. You need the linux headers, libbpf headers, libxdp headers and clang. Once you have all of these installed, run the following command to build the object file that can be loaded: |
| 26 | 26 | ||
| 27 | ``` | 27 | ``` |
| 28 | clang -O2 -g -Wall -target bpf -c packet_dropper.c -o packet_dropper.o | 28 | clang -O2 -g -Wall -target bpf -c packet_dropper_new.c -o packet_dropper_new.o |
| 29 | ``` | 29 | ``` |
| 30 | 30 | ||