How to use VIPPR
What you need:
A Linux box with at least one interface
All interfaces you plan to use have to have an IP already configured. This can be anything you want - it's not used.
An idea of what you are going to do
The command line is very simple:
-v increases verbosity
-D enables debug output
-f can be used to specify an alternative config file. Per default, vippr.conf is expected in pwd.
-i disables the auto-interface procedure. This can be used to do strange misrouting deliberately. Normally, all interface addresses are added to the virtual router they belong to. This is the standard router behavior in any routing device on the planet. But since this is an attack router, you can prevent this from happening and therefore the router will only use the gateways defined in the router table section.
Most functionality is in the VIPPR config file. General rules are: spaces and line feeds are allowed anywhere between elements. C-Style comments ( /* */ ) are allowed.
To define an stealth VIP (will only route and answer ARP requests), use:
VIP stealth { IP/MASK, MAC, INTERFACE, ROUTER };
An example would be:
VIP stealth { 208.47.125.33/255.255.255.0, 00000CAABBCC, eth0, 1 };
to define an interface that reflects a very interesting server
The routing tables are the second important part of VIPPR. The format for definition of a routing table is:
ROUTER NUM { NET/MASK GATEWAY; };
Since this is so awkward and does not correspond to the syntax we used for VIPs, it may change in the future. But anyway, here and example:
ROUTER 1 {
208.47.124.0/255.255.255.0 208.47.125.254;
0.0.0.0/0.0.0.0 208.47.125.1;
};
If you assign the routing table 0 to an VIP, you disable routing!
Since one key feature of VIPPR is the GRE tunnel intrusion, here the format for GRE VIPs:
VIP gre { IP/MASK, MAC, INTERFACE, ROUTER
< TUNNEL-SOURCE, TUNNEL-DESTINATION> };
Again here the examples (the second one uses a tunnel key):
VIP gre {
192.168.1.1/255.255.255.0, 00000CFFFFFF, eth0, 1
<208.47.125.33,151.189.12.209>
};
VIP gre {
192.168.1.2/255.255.255.0, 00000CFFFFFF, eth0, 1
<208.47.125.33,151.189.12.209,20061944>
};
Now point your workstation's routing table so that it will forward packets with the destiation inside of the 151.189.12.0 network to 192.168.1.2 and proceed.