How do I disable Windows sending out ICMP Redirects

I'm testing MitM attacks by manipulating ARP packets. I've successfully managed to trick another computer on the network (my phone) into thinking that I'm the router. I also have packet forwarding enabled on my attacker's computer.

The problem is, when I try to visit a website on my phone, I can see the traffic get sent to my computer (.47), but instead of forwarding it, it sends an ICMP redirect back to my phone (.111):

Wireshark Capture

It seems this can be prevented on Linux, but is there a way to prevent this on Windows?

Ideally, I'd like my computer to just accept the traffic, then forward it back out through the same interface it received it on to the router (or the victim computer for return traffic once I've also tricked the router into thinking I'm the victim).


Unfortunately, the suggested HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters EnableICMPRedirect key seems to change whether or not my system will add new hosts in response to receiving an ICMP Redirect, not whether or not it will send them out.

2 Answers

You should be able to block the outgoing ICMP redirect packet with your firewall.

netsh advfirewall firewall add rule name="Don't send ICMP redirects" dir=out protocol=icmpv4:5,any action=block

You can go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry key, then find a value named EnableICMPRedirect and set its value to 0. If it does not exist, create the DWORD value.
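From the monitoring side, the ICMP Redirect described in the question is a useful signal: on a LAN only the real gateway should send one, so a redirect from any other host means that host is receiving traffic meant for the gateway. The following is an added example, not part of the question or either answer. It parses an ICMPv4 type 5 message from a raw IPv4 packet and flags unexpected senders; the function names, the 192.168.1.0/24 prefix and the sample packet are assumptions constructed for illustration.

```python
import socket
import struct

ICMP_REDIRECT = 5  # ICMPv4 type 5 (RFC 792)
CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def parse_icmp_redirect(packet: bytes):
    """Return details of an ICMPv4 Redirect in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # outer header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                            # not ICMP, or truncated
    if packet[ihl] != ICMP_REDIRECT:
        return None
    info = {
        "sender": socket.inet_ntoa(packet[12:16]),
        "recipient": socket.inet_ntoa(packet[16:20]),
        "code": CODES.get(packet[ihl + 1], "unknown"),
        "new_gateway": socket.inet_ntoa(packet[ihl + 4:ihl + 8]),
        "original_dst": None,
    }
    inner = packet[ihl + 8:]                   # header of the packet that triggered it
    if len(inner) >= 20 and inner[0] >> 4 == 4:
        info["original_dst"] = socket.inet_ntoa(inner[16:20])
    return info

def is_suspicious(info, known_routers):
    """Flag redirects sent by a host that is not a known router."""
    return info is not None and info["sender"] not in known_routers

def build_ipv4(src, dst, proto, payload):
    # Sample-building helper. Checksums stay 0: the parser does not verify them.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample (all addresses are assumptions): host .47 tells .111 to use
# 192.168.1.1 for traffic to 203.0.113.10.
TRIGGER = build_ipv4("192.168.1.111", "203.0.113.10", 6, b"\x00" * 8)
SAMPLE = build_ipv4("192.168.1.47", "192.168.1.111", 1,
                    struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton("192.168.1.1")) + TRIGGER)

if __name__ == "__main__":
    found = parse_icmp_redirect(SAMPLE)
    print(found, "suspicious:", is_suspicious(found, {"192.168.1.1"}))
```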
