Responder with fingerprinting goes undetected #6
Comments
|
I just attempted this with Responder -f, and it does send the LLMNR response. The SMB request for fingerprinting does not happen until after the LLMNR response. Respounder just detects that LLMR spoofing is taking place, not sure what SMB would add in this case. |
|
This is true. The goal here is to detect the presence of responder running in a network by sending a fake LLMNR request and force responder to respond to that. This is what respounder does for now. The only case when adding SMB support will be useful is when someone is running responder to respond to SMB but not to LLMNR. In its default setting this is not the case and hence this tool will catch most instances. Adding SMB will mean that the respounder should also add support for each protocol that responder supports, which seems a lot of additional work for a very little gain. Makes sense? |
Responder probes querying machine and doesnt spoof if get no answer back. Probably listening to 445/TCP may help.
The text was updated successfully, but these errors were encountered: