Bug#690158: ettercap: unconditionally sets net.ipv4.ip_forward=0
2012/10/12 Simon Paillard spaill...@debian.org: On top of that, ettercap is designed for man in the middle attacks, disabling kernel forwarding seems to be a must. man ettercap: NAME ettercap - multipurpose sniffer/content filter for man in the middle attacks Ok, good to know. Obviously I only wanted a friendly sniffer (no IP information). So the wishlist might be to have this unoffensive mode active by default? Cheers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690158: ettercap: unconditionally sets net.ipv4.ip_forward=0
On top of that, ettercap is designed for man in the middle attacks, disabling kernel forwarding seems to be a must. Agreed, with one caveat: ettercap *is* capable of mounting a MTM attack by ARP poisoning, which works fine on a non-router host, in which case forwarding wouldn't be enabled in the first place. In any case, it would be nice if ettercap would warn before disabling packet forwarding, and also by default restore the forwarding setting upon exit. Doing so would avoid the awkward situation that engendered this bug report. For this reason, I'm going to change the severity here to wishlist, rather than closing the issue. --Barak. -- Barak A. Pearlmutter Hamilton Institute Dept Comp Sci, NUI Maynooth, Co. Kildare, Ireland http://www.bcl.hamilton.ie/~barak/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690158: ettercap: unconditionally sets net.ipv4.ip_forward=0
Control: -1 severity wishlist On Wed, Oct 10, 2012 at 06:20:58PM +0300, Teodor wrote: Package: ettercap Version: 1:0.7.3-2.1 Severity: grave Justification: causes non-serious data loss I've just found that running 'ettercap' on gateway system (were ip_forward is a must) will unconditionally disable the kernel flag. Actually is is documented, see man ettercap: -u, --unoffensive Every time ettercap starts, it disables ip forwarding in the kernel and begins to forward packets itself. This option prevent to do that, so the responsibility of ip forward‐ ing is left to the kernel. On top of that, ettercap is designed for man in the middle attacks, disabling kernel forwarding seems to be a must. man ettercap: NAME ettercap - multipurpose sniffer/content filter for man in the middle attacks -- Simon Paillard -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690158: ettercap: unconditionally sets net.ipv4.ip_forward=0
Package: ettercap Version: 1:0.7.3-2.1 Severity: grave Justification: causes non-serious data loss Hi, I've just found that running 'ettercap' on gateway system (were ip_forward is a must) will unconditionally disable the kernel flag. This affects both Debian 6.0 (squeeze) and Debian 7.0 (wheezy). Cheers -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/24 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ettercap depends on: ii ettercap-common1:0.7.3-2.1 Common support files and plugins f ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libncurses55.7+20100313-5shared libraries for terminal hand ii libnet11.1.4-2 library for the construction and h ii libpcap0.8 1.1.1-2+squeeze1 system interface for user-level pa ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi ii libssl0.9.80.9.8o-4squeeze13 SSL shared libraries ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime ettercap recommends no packages. ettercap suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
