Friday, January 31, 2014

Advance MACOSX network controls & tip/tricks

In this post, I will share a few interesting things  you can do within MACOSX


1: disabling ipv6 mountain-lion +

1st you have to  get a list of the interfaces either from the gui or the cli cmd
"networksetup -listallnetworkservices"

will show you all network interfaces by service name, this will match the names shown in the gui




2nd now to disable the ipv6 services, type the name  with the setv6off option, & you will be challenge for the admin login



You can re-validate via the  netstat command




2: disabling ipv6 snow-leopard

Snow Leopard 10.6.x and older typically allow you to  use the ipv6 -x option to disable all ip6 interfaces.


3: disassociating a  Wifi interface

Some times  the need will arises for changing  a interface  mtu  settings,  changing a ether_mac_address  or  for  using a airpacket injector or 802.11 capture monitor. This will require you to dis-associate the wifi interface;




4: Changing interface MTU for a interfaces 

With mt-lion or newer the getMTU and setMTU commands will allow you to  validate and change the mtu setting for a interface




OR 

You can also just use the ifconfig command in the following example;




5: ether_address changing

 For network pen-testing, we can also change the ether address that's defined for our network interfaces. I like to use  aaaa.aaaa.aaaa  ,  but pick a proper  mac address.


To do this, the ether address can be changed via the ifconfig cmd. Keep in mind you need root access and you must have the  wifi interface disassociated after poweron via the overhead tool bar.



NOTE: You might want to use a valid ether_address due to some enterprise networks have IDS/WIDS or Network Idenitiy engines,  that can triggers on unknown  vendor mac_address

Sites like http://www.coffer.com/mac_find/  or  http://www.iana.org/assignments/ethernet-numbers/ethernet-numbers.xhtml  will help test for a recognized mac_address that registered.


5: removing ipv6 from  lo0 ( loopback )

The commands ;  ip6 -x  networksetup,  or  the WebGUI as described earlier  , " WILL NOT LET you  disable the loopback ipv6 address".

To disable ipv6 on a loopback you have to  revert back to classic BSD  option   -alias and with the ifconfig command

(e.g)



NOTE: Doing this break most browser capability of browsing. You still have  dns resolving capabilities from the cli tho.


You can disable ipv6 in your browser or apply the  ipv4only for the domains you want.

e.g




Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(   ^   ^  )=
          o
       /     \

No comments:

Post a Comment