Security Basics mailing list archives
RE: *warning* student question
From: Aaron Scribner <awscrib () comcast net>
Date: Tue, 20 Jan 2004 10:43:40 -0600
You could hijack a socket on a system to capture traffic intended for another session/program on the same system, think of this like old shared computer session hacking, but instead of taking over their shell session you're taking over their network socket. The CRC of an IP header is a hash of the payload of the packet and is not random, last time I checked, or am I missing something?
I thought I read something about IPv6 having randomly generated CRCs for packet checking. From my understanding of what was discussed, the two systems talking to each other know the "key" and the CRC is not in a straight sequence.
Can this be done remotely? No. You would need to gain access to the target system and compromise the kernel of that system to place your 'redirect' code, or run a program on top of the kernel that would sit between the socket and kernel. Unless there is a glaring exploit just attacking the sockets will not gain any sizable benefit, (exception, DOS attacks, SYN Floods, etc). To program the socket, you need access to the system; you can't remotely program a socket without access in one way, shape or form to the target system and thus the backend programming for that socket. Ask your professor for a proof of concept. A properly configured router will drop invalid packets, but so will a properly configured switch. IDS will immediately flag traffic with bad checksums or bad ARPs. Port security will deactivate a port which tries to spoof a used IP address. Systems will also drop TCP packets with bad checksums. You need to have access to your TCP stack on your system to do almost any kind of complex hack; that's why *NIX/BSD is popular for hacking. Is that what your professor is inferring?
He is wanting us to be able to root the target, but do it by IP spoofing and generating the IP headers ourselves. It is supposed to be a programming experiment, but it seems as though there is a lot more involved than just generating our own packets, which is quite simple. Now being able to do anything with those packets in the "real world", that is a completely different ball game.
Do you have any more information? What type of attack are you trying to do? Are you trying to modify the target system's sockets/TCP stack or a MiM system? What is the overall goal of the attack: gain information, gain root, down the system, etc.? Receive the packets back from where?
He is wanting us to receive the packets back to the location we are attacking from. I am going to talk to him about changing the project. I have senioritis, taking 20 hours and want to do something fun. Not saying this would be fun, but the other project uses OpenGL if you catch my drift =). Many thanks for the insight and your time on this subject, but I would be asking way too many questions trying to get this accomplished. I have never hacked anything and I do not ever foresee myself hacking into a system, unless I get into network security like you guys.
Thanks again, Aaron "clueless about network security" Scribner
Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338
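The checksum-based dropping mentioned in the message, as an added example that is not part of the original thread: receiver-side validation of the IPv4 header checksum and the TCP checksum using the RFC 1071 one's-complement sum. All function names and the sample packet (built on RFC 5737 documentation addresses) are constructed for illustration.

```python
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, carries folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_header_ok(pkt: bytes) -> bool:
    """The IPv4 checksum covers the header only (IHL * 4 bytes), not the payload."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    return 20 <= ihl <= len(pkt) and csum16(pkt[:ihl]) == 0xFFFF

def tcp_segment_ok(pkt: bytes) -> bool:
    """The TCP checksum covers a pseudo-header (src, dst, proto, length) plus the segment."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    segment = pkt[ihl:total_len]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return len(segment) >= 20 and csum16(pseudo + segment) == 0xFFFF

def classify(pkt: bytes) -> str:
    """Decision a receiving stack makes before the data reaches any socket."""
    if not ipv4_header_ok(pkt):
        return "drop: bad IPv4 header checksum"
    if pkt[9] == 6 and not tcp_segment_ok(pkt):
        return "drop: bad TCP checksum"
    return "accept"

def build_sample() -> bytes:
    """Constructed sample: a 40-byte IPv4/TCP packet with valid checksums."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    tcp = bytearray(struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 65535, 0, 0))
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp[16:18] = struct.pack("!H", ~csum16(pseudo + bytes(tcp)) & 0xFFFF)
    ip = bytearray(struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0) + src + dst)
    ip[10:12] = struct.pack("!H", ~csum16(bytes(ip)) & 0xFFFF)
    return bytes(ip + tcp)

def corrupt(pkt: bytes, offset: int) -> bytes:
    """Flip one bit at the given byte offset, as line noise or tampering would."""
    out = bytearray(pkt)
    out[offset] ^= 0x10
    return bytes(out)
```

Damage to the TCP part of the packet still passes `ipv4_header_ok` and is only caught by `tcp_segment_ok`, because the two checksums cover different bytes.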