Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Internet down while using Debookee

Hi, 

I was using software name Debookee which intercept packet from network host. 

 

Software was installed on my macbook, and I was testing with tablet. I was surprise, it actually worked. 

I went several website and be able to see from my macbook. I was playing around for minute, then suddenly Internet is disconnect. 

After I reboot router and modem, it redirect me to warning site which from Cox. The website says, I need call Cox to reinstate. 

 

My question is how ISP know there were packet intercept on our network? I assume after Debookee intercept packet, then pass to router. 

 

So, on ISP side, they see same source which is our router. isn't it? 

 

 

2 REPLIES
New Member

only one way to find out,

only one way to find out, call cox and see what they say, i doubt u sniffed their traiffic, however maybe Debookee sent them suspicious packets and now they just want to know what happened. Im not condoning lying..but sometimes people leave their wifi open and well...u know what happens from there on open wifi. you should learn your lesson as well and be careful with "security tools"

New Member

Hi Josh, I'm Thomas, main

Hi Josh,

 

I'm Thomas, main developper of Debookee here.

Debookee does ARP spoofing to intercept network traffic at Layer 2, ie it tries to fool both the target and the router with gratuitous ARP packet to represent the other's IP addresses.

 

From the ISP point of view, behind your router, I can't see how they can detect such interception, as they will see the IP and MAC of your router, and Debookee leaves the content of the packet intact, acting as a transparent router.

Debookee does not send "suspicious" packet.

 

One thing I'd think about is that it may come from your router: ARP spoofing is easily detectable at Layer 2, seeing the MAC address of a specific IP changing over the time, without delivering new DHCP lease. Nothing difficult.

Does your router report such detection to your ISP? That would be a possibility, and I'd be very interested in knowing more details if you have any.

Get in touch at contact at iwaxx

 

Thomas

151
Views
0
Helpful
2
Replies
CreatePlease to create content