From 06df704960c556e3c2261a52827d55eb7b4ed0d4 Mon Sep 17 00:00:00 2001
From: lgandx <lgandx@github.com>
Date: Wed, 29 Jan 2014 22:24:02 -0500
Subject: [PATCH] Added: Analyze ICMP Redirect plausibility on current subnet.

---
 Responder.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/Responder.py b/Responder.py
index f136c33..369cd7c 100755
--- a/Responder.py
+++ b/Responder.py
@@ -903,12 +903,40 @@ def Parse_IPV6_Addr(data):
     else:
        return False
 
+def IsOnTheSameSubnet(ip, net):
+   net = net+'/24'
+   ipaddr = int(''.join([ '%02x' % int(x) for x in ip.split('.') ]), 16)
+   netstr, bits = net.split('/')
+   netaddr = int(''.join([ '%02x' % int(x) for x in netstr.split('.') ]), 16)
+   mask = (0xffffffff << (32 - int(bits))) & 0xffffffff
+   return (ipaddr & mask) == (netaddr & mask)
+
+def IsICMPRedirectPlausible(IP):
+    dnsip = []
+    for line in file('/etc/resolv.conf', 'r'):
+        ip = line.split()
+        if ip[0] == 'nameserver':
+           dnsip.extend(ip[1:])
+    for x in dnsip:
+        if IsOnTheSameSubnet(x,IP) == False:
+           print "[+]You can ICMP Redirect on this network. This workstation (%s) is not on the same subnet than the DNS server (%s). Use python Icmp-Redirect.py for more details."%(IP, x) 
+        else:
+           pass
+
 def FindLocalIP(Iface):
     s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
     s.setsockopt(socket.SOL_SOCKET, 25, Iface+'\0')
     s.connect(("127.0.0.1",9))#RFC 863
     return s.getsockname()[0]
 
+def AnalyzeICMPRedirect():
+    if Analyze(AnalyzeMode) and OURIP is not None and INTERFACE == 'Not set':
+       IsICMPRedirectPlausible(OURIP)
+    if Analyze(AnalyzeMode) and INTERFACE != 'Not set':
+       IsICMPRedirectPlausible(FindLocalIP(INTERFACE))
+
+AnalyzeICMPRedirect()
+
 def RunLLMNR():
    try:
       ALL = '0.0.0.0'