FireWall Problem about tater HOT 5 CLOSED

I'll test more firewall scenarios with Tater after I get Inveigh 1.1 released.

from tater.

maybe it will be nice to try to add arp spoffing for inveigh
thanks

from tater.

I'm not sure that the firewall is blocking you in this case. In my testing, it's the NBNS spoofer that triggers the firewall alert. With default setting, the spoofer is the only thing not using 127.0.0.1. In your screenshot, I can see that WPAD has been successfully spoofed so the NBNS spoofer has done its job. Here are a few things to try:

1. Disable the firewall and see if it works
2. Enable the firewall, delete whatever you are using (powershell or powershell_ise) from the firewall allowed list and start Tater with -NBNS N. You should not see a firewall prompt.
3. If it always hangs at that same spot, open a browser and navigate to http://127.0.0.1. You should see an HTTP request notification from Tater. This will confirm that the HTTP listener is working.
4. If the HTTP listener seems to be working, maybe try trigger 0 and just let it run for a day.
5. Try potato.exe and see if it behaves the same. https://github.com/foxglovesec/Potato

I have a couple of test systems that just don't seem to want to work anymore with either potato or tater and the Windows Defender trigger. I have not had a chance to really look into it.

I'm going through a cleanup round with Tater and will continue to test.

from tater.

Great,
I will test with -NBNS N and let you know what happened
great job BTW

On Thu, Mar 17, 2016 at 4:23 AM, Kevin Robertson [email protected]
wrote:

I'm not sure that the firewall is blocking you in this case. In my
testing, it's the NBNS spoofer that triggers the firewall alert. With
default setting, the spoofer is the only thing not using 127.0.0.1. In your
screenshot, I can see that WPAD has been successfully spoofed so the NBNS
spoofer has done its job. Here are a few things to try:

1. Disable the firewall and see if it works
2. Enable the firewall, delete whatever you are using (powershell or
   powershell_ise) from the firewall allowed list and start Tater with -NBNS
   N. You should not see a firewall prompt.
3. If it always hangs at that same spot, open a browser and navigate
   to http://127.0.0.1. You should see an HTTP request notification from
   Tater. This will confirm that the HTTP listener is working.
4. If the HTTP listener seems to be working, maybe try trigger 0 and
   just let it run for a day.
5. Try potato.exe and see if it behaves the same.
   https://github.com/foxglovesec/Potato

I have a couple of test systems that just don't seem to want to work
anymore with either potato or tater and the Windows Defender trigger. I
have not had a chance to really look into it.

I'm going through a cleanup round with Tater and will continue to test.

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
#3 (comment)

from tater.

you can close this subject

from tater.