Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

netdiscover's network access not detected or blocked #1182

Open
VorpalBlade opened this issue Sep 6, 2024 · 3 comments
Open

netdiscover's network access not detected or blocked #1182

VorpalBlade opened this issue Sep 6, 2024 · 3 comments

Comments

@VorpalBlade
Copy link

VorpalBlade commented Sep 6, 2024

Please, check the FAQ and Known Problems pages before creating the bug report:

https://github.com/evilsocket/opensnitch/wiki/FAQs

GUI related issues:
https://github.com/evilsocket/opensnitch/wiki/GUI-known-problems

Daemon related issues:

Describe the bug
It seems netdiscover passes under the radar of opensnitch. I'm not actually sure what type of sockets netdiscover uses, so I don't know if this is expected.

Include the following information:

  • OpenSnitch version. 1.6.5.1-1 (installed from distro + ebpf from AUR)
  • OS: Arch Linux
  • Version: rolling release
  • Window Manager: KDE Plasma 6.1.4
  • Kernel version: Linux athena 6.10.8-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Wed, 04 Sep 2024 15:18:31 +0000 x86_64 GNU/Linux

To Reproduce
Steps to reproduce the behavior:

  1. Install netdiscover: pacman -S netdiscover
  2. Enable opensnitch and verify it works with "normal" programs (getting popups etc)
  3. Run netdiscover.
  4. OpenSnitch doesn't detect or block netdiscover's network access. And netdiscover works as if opensnitch wasn't there.

Post error logs:
I don't see any relevant error logs in this case.

Expected behavior (optional)
Netdiscover shouldn't be able to bypass opensnitch.

Screenshots
If applicable, add screenshots or videos to help explain your problem. It may help to understand the issue much better.

Additional context
Add any other context about the problem here.

@VorpalBlade VorpalBlade changed the title netdiscover's network access not detected netdiscover's network access not detected or blocked Sep 6, 2024
@VorpalBlade
Copy link
Author

Also tried this on a stock Ubuntu 24.04 system (kernel 6.8.0-41-generic) with the exact result: netdiscover bypasses opensnitch.

@VorpalBlade
Copy link
Author

I straced the netdiscover and it seems to use many types of sockets: AF_PACKET, AF_NETLINK, AF_BLUETOOTH (???). All of them are SOCK_RAW.

The strange thing then is that netdiscover gets past, while nmap gets blocked?

@gustavo-iniguez-goya
Copy link
Collaborator

Hi @VorpalBlade ,

Yeah, it seems to use RAW sockets to send ARP requests: netdiscover - active/passive ARP reconnaissance tool

We don't work at that level.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants