Sunday, January 17, 2016

Ninja Hackjob router killer

Are you tired of fighting with people putting home routers on your network to create hotspots?

Is it messing with your existing infrastructure?

Do you have zero budget?

You need...

The Ninja HackJob Router Killer.

So, the plan is simple: pass traffic through a box and set the TTL of every forwarded packet to one.  A router or "misconfigured" MacBook will decrement the TTL as the packets pass through it, and the packets will be discarded by the client.  It's enough to discourage 99% of the population.

So, the bill of materials is simple:  one PC with two NICs, and a Linux distro.  This was done on RHEL6.

Step 1.  Make the system actually forward traffic.
In /etc/sysctl.conf, find the following lines:
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
net.ipv4.ip_forward=0
Set all four values to 1.

Step 2.  Make a startup script containing the following:

#!/bin/sh
# Build a transparent bridge br0 out of eth0 and eth1 (both ports go into the same bridge)
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1

# No IP addresses on the bridge ports themselves
ifconfig eth1 0.0.0.0
ifconfig eth0 0.0.0.0

ifconfig eth1 up
ifconfig eth0 up
ifconfig br0 up

# Flush the FORWARD chain in both the filter table and the mangle table, so the
# TTL rule does not pile up if the script is run more than once
iptables -F FORWARD
iptables -t mangle -F FORWARD
# Every packet that entered the bridge on eth0 gets its TTL forced to 1 before it is forwarded
iptables -t mangle -A FORWARD -m physdev --physdev-in eth0 -j TTL --ttl-set 1

The last line is the killer.  Take all packets coming in from eth0, mangle the TTL down to 1, then forward them.

All packets passing through the box towards eth1 should have their TTL set to 1.  My tests were also successful with VLAN-tagged packets.
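The same TTL observation that makes the box work can also be used the other way round, to find out which hosts on a segment are already forwarding for someone else before you deploy anything. Below is an added example (not part of the original post) that reads raw IPv4 packets, compares each source's TTL with the usual OS defaults, and reports sources that emit already-decremented TTLs; the default TTL table, the sample packets and the host addresses are constructed assumptions for illustration.

```python
import struct

# Default initial TTLs (assumption: 64 Linux/macOS, 128 Windows, 255 some network gear).
DEFAULT_TTLS = (64, 128, 255)

def build_ipv4_packet(src, dst, ttl, payload=b""):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 17, 0, src_b, dst_b)
    return header + payload

def parse_ipv4_header(packet):
    """Return (source IP, TTL) from a raw IPv4 packet without its Ethernet header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ".".join(str(b) for b in packet[12:16]), packet[8]

def hops_from_default(ttl):
    """Routers crossed so far, measured against the nearest default TTL at or above ttl."""
    return min(d - ttl for d in DEFAULT_TTLS if d >= ttl)

def find_suspect_sources(packets, known_routers=frozenset()):
    """Map source IP -> sorted hop counts for sources whose packets arrive already decremented.

    On a flat segment every host should emit packets at hop 0. A source that also emits
    hop-1 packets is forwarding (NAT'ing) for hosts behind it. Known gateways are skipped.
    """
    hops_by_src = {}
    for pkt in packets:
        src, ttl = parse_ipv4_header(pkt)
        hops = hops_from_default(ttl)
        if src not in known_routers and hops > 0:
            hops_by_src.setdefault(src, set()).add(hops)
    return {src: sorted(h) for src, h in hops_by_src.items()}

# Constructed traffic: two ordinary hosts, one hotspot NAT'ing two clients, the real gateway.
SAMPLE = [
    build_ipv4_packet("10.0.0.5", "10.0.0.1", 64),   # Linux host, default TTL
    build_ipv4_packet("10.0.0.7", "10.0.0.1", 128),  # Windows host, default TTL
    build_ipv4_packet("10.0.0.9", "10.0.0.1", 64),   # hotspot's own traffic
    build_ipv4_packet("10.0.0.9", "10.0.0.1", 63),   # Linux client behind it, NAT'd and decremented
    build_ipv4_packet("10.0.0.9", "10.0.0.1", 127),  # Windows client behind it
    build_ipv4_packet("10.0.0.1", "10.0.0.5", 61),   # real gateway relaying Internet replies
]

if __name__ == "__main__":
    print(find_suspect_sources(SAMPLE, known_routers={"10.0.0.1"}))  # {'10.0.0.9': [1]}
```

Feed it packets captured on the segment (with the Ethernet header stripped) and pass your legitimate gateways in known_routers; anything else showing up with hop counts above 0 is a candidate for the box above.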
