Mac' LeVitus has been a Macintosh user for a long, long time and has written 49 computer books including Mac OS X Tiger For Dummies and GarageBand for Dummies. He also offers expert. Creating a PDF on a Mac doesn't require any extra software, it's built right into the operating system. This quick video shows you how.
- A Starving Monk Mac Os Update
- A Starving Monk Mac Os Catalina
- A Starving Monk Mac Os X
- A Starving Monk Mac Os 8
The worst book I ever read was Xenephon's 'Anabasis' in ancient Greek. This book is just about as bad. I'm having a difficult time finishing it; it may be impossible. In the first 100 pages the author offends women, Jews, unions, clergy, Christians, accountants, government employees, schools and teachers,and employees in general. He exagerates and stereotypes - and maintains it's all in fun. Byakuren Hijiri (聖 白蓮, Hijiri Byakuren) is a Buddhist nun and magician who was sealed away by humans because of her kindness towards youkai in the outside world. During the events of Undefined Fantastic Object, the youkai she has saved reappear to break her free from the seal. She is now the head priest at the Myouren Temple, which is populated mostly by youkai. Like its Mac OS counterpart, FinSpy for Linux is also obfuscated using LLVM-Obfuscator. The udev2 installer then checks that the system is not a virtual machine, extracts files from itself and stores them in a hidden folder in the user's home, such as at /.cache/.cfg or /.local/.apps.
Today I'm going to show you something dangerous.
Really dangerous.
I once heard an alarming statistics that something like 90% of US based companies aren't running port-security.
Why does this matter?
Well, today I'm going to show you how to launch a DHCP starvation attack that will literally bring a Cisco router or switch to it's knees.
- I'll exhaust all the usable IP addresses on the subnet which prevents anyone from using the network
- I'll completely disable the management plane so IT admins can't console or SSH into the beleaguered device
- I won't take the next step, but the next logical step would be to insert myself as a rogue DHCP server which would allow me to covertly capture and steal all data on the local subnet.
Yeah, this is bad. And the sad part is that it can prevented with one little Cisco command. Unfortunately, most organizations continue to ignore it and that's why this is dangerous.
Going back to Kali
We're going to use Kali Linux with Yersinia to launch a DHCP starvation attack on a Cisco router running as a DHCP server. I strongly suggest that you read my three part series on installing Kali Linux before you get started. I also suggest you check out the article I wrote on how DHCP works. Once you've got those things under your belt we can focus on committing network fracas.
Let the fracas begin
So I went ahead and setup a DHCP server on my router. Let's take a look a few things first.
Insufficient adjectives mac os. The lunartics mac os. Let's look at all the hosts that are currently leasing IP addresses from our server.
Now on a real network you would see dozens of MAC-to-IP bindings; however, I've got this thing going in my lab so the only binding present is the IP address of my Kali Linux machine.
Let's look at few more things here:
This is a great command to quickly assess the health of your DHCP router. The relevant values for us are:
- Memory Usage
- DHCPDISCOVER
- DHCPOFFER
How Yersinia works
The reason I point out those three values is because the DHCP starvation attack will inundate the router with hundreds of thousands of DHCPOFFER frames which contain unique spoofed MAC addresses. Yersinia floods the router with more DHCPDISCOVERs than it can handle. We effecitlye launch a denial of service (DoS) attack against the router. The server faithfully tries to reply with a DHCPOFFER; however, given the voluminous number of DHCPOFFER frames the entire DHCP scope is exhausted and all useable IP addresses on the subnet will be consumed by fake devices using bogus MAC addresses.
How sinister.
This is actually a cruel attack because it's so crude and damaging. It's so easy to do this. A DHCP starvation attack is an egregious attack because you don't even need to know anything about networking to do it.
Before we get started let me show you one more thing:
This command shows us the DHCP pool of addresses available for lease.
You can see the Total addresses attribute is set to 254. This means all we really need to do is flood the server with one more than the maximum; however, as you're about to see, I'm about to destroy the server with thousands of frames.
A Starving Monk Mac Os Update
It's about to get ugly.
Launching the DHCP Starvation Attack
Back in Kali Linux, we're going to use Yersinia to digitally bomb the router.
Let's see what we can do here…
Okay the usage line says we can type yersinia -G to launch the program in Graphical mode. Let's do that.
When the GUI opens we instantly see a bunch of statistics in the left pane for the Cisco Discovery Protocol (CDP), 802.1Q (Trunking) and a bunch of others.
Click the DHCP tab then choose Launch attack in the upper left corner.
Select sending DISCOVER packet, click OK, and take a nap. The router will be offline in a few seconds.
It's really that easy to destroy the local subnet.
I mean, look back in the left pane!
Beagle mac os. It's only been running for 10 seconds and I've already swamped the feeble address space with over 180,000 spoofed DHCP Discover frames!
The poor router can barely keep up.
Let's see the DHCP bindings again
Is this nuts or what?
You can see the entire address space is consumed. Yersinia poured tens of thousands of bogus frames into the server and completely exhausted the DHCP pool.
Now if someone tries to uses the network it will fail. No one will be able to use browse the internet, access corporate databases or exchange email because there are no unassigned IP addresses to dish out.
Furthermore, the management plane is completely destroyed. That is, our ability to login and manage the router is gone.
A few seconds later, I tried to type the show ip dhcp bind command but the router was completely locked up. After a minute, it returned by the database is destroyed.
Neither show ip dhcp bind nor show ip dhcp server stat do anything. The router is so busy drowning in the packet deluge that it can't even execute our basic commands to show the memory usage.
The Bottom Line
Seriously that's the bottom line. This one command will instantly limit the maximum number of MAC addresses on a switchport (or range of switchports) to 1.
Think about it.
Yersinia is effective because it sends thousands of fake MAC addresses through a single switchport but why do we ever need to allow more than one MAC address on a switchport?
I can think of a few exceptions:
A Starving Monk Mac Os Catalina
- Your IT staff is testing something in a lab. Perhaps they have multiple virtual machines that need to communicate on the internet through the switchport. Each VM would have its own MAC address so you might need to lift the 1 MAC address limit for your team.
- If you have a legacy network connected through a hub you might need to lift the MAC limit to the number of hosts on that collision domain. So if you have 5 hosts plugged into that hub you might want to change the MAC limit to 5.
- Or maybe you have computers plugged into VoIP phones and you need to permit the MAC addresses of the workstation and VoIP phones. You could change the limit to 2. if you have VoIP in your network this could cause it to go down so you can change it accordingly:
There's often no tangible reason why a switchport should ever allow more than one MAC address on a swichport.
If someone tried to launch Yersinia on a port-security enabled switch, it would immediately put the port in a secure-shutdown state. The port would imdiately turn off which protects the switch and alerts you that some buttmunch on your network is trying to take you down.
A Starving Monk Mac Os X
If you learned something new hit me up in the comments. Don't let it happen to you.