Virtual IP Phalanx Router

... a study of attack router concepts

How to use VIPPR

• A Linux box with at least one interface
• All interfaces you plan to use have to have an IP already configured. This can be anything you want - it's not used.
• An idea of what you are going to do

The command line is very simple:

• -v increases verbosity
• -D enables debug output
• -f can be used to specify an alternative config file. Per default, vippr.conf is expected in pwd.
• -i disables the auto-interface procedure. This can be used to do strange misrouting deliberately. Normally, all interface addresses are added to the virtual router they belong to. This is the standard router behavior in any routing device on the planet. But since this is an attack router, you can prevent this from happening and therefore the router will only use the gateways defined in the router table section.

Most functionality is in the VIPPR config file. General rules are: spaces and line feeds are allowed anywhere between elements. C-Style comments ( /* */ ) are allowed.
To define an stealth VIP (will only route and answer ARP requests), use:

 VIP stealth { IP/MASK, MAC, INTERFACE, ROUTER };
 

 VIP stealth { 208.47.125.33/255.255.255.0, 00000CAABBCC, eth0, 1 };
 

The routing tables are the second important part of VIPPR. The format for definition of a routing table is:

 ROUTER NUM { NET/MASK	GATEWAY; };
 

 ROUTER 1 { 
 	208.47.124.0/255.255.255.0	208.47.125.254;
 	0.0.0.0/0.0.0.0			208.47.125.1; 
 };
 

Since one key feature of VIPPR is the GRE tunnel intrusion, here the format for GRE VIPs:

 VIP gre { IP/MASK, MAC, INTERFACE, ROUTER 
           < TUNNEL-SOURCE, TUNNEL-DESTINATION> };
 

 VIP gre {
 	192.168.1.1/255.255.255.0, 00000CFFFFFF, eth0, 1
	<208.47.125.33,151.189.12.209>
 };

 VIP gre {
 	192.168.1.2/255.255.255.0, 00000CFFFFFF, eth0, 1
	<208.47.125.33,151.189.12.209,20061944>
 };