Bugtraq mailing list archives
Blind Spoofing
From: coder () REPTILE RUG AC BE (System Crasher)
Date: Sat, 20 Sep 1997 13:31:23 +0200
Hello,

hmm.... I have put together a little article on Blind Spoofing. It's not very hot, nothing new... but maybe you'll like some of the source code. The only reason I post this is to have some kind of a reference that I am the original author, as I have been ripped off already too many times.

Thx for your time,
[Brecht]

Document to be found at: http://main.succeed.net/~coder/spoofit/spoofit.html

This is its contents:

-=[ A short overview of IP spoofing: PART II ]=-
-=[ Part of 'The Packet Project']=-
(Includes Source for Linux 1.3.X and later kernels)

All text and Source code written by Brecht Claerhout (Copyright 1996-7)
All source tested on Linux kernel 2.0.X
All packet data captured with Sniffit 0.3.5

-------------------------------------------------------------------------------

PART II: Advanced spoofing (Blind)
----------------------------------

0. Introduction
   0.1 What
   0.2 For whom
   0.3 Disclaimer
   0.4 License
1. Description of source code
2. General information
   2.1 Source Routed IP
   2.2 Rerouting
3. Blind spoofing
   3.1 Sequence number generation
       3.1.1 Situation of the problem
       3.1.2 Sequence number generation
             3.1.2.a The old 64K rule
             3.1.2.b Time related generation
             3.1.2.c The 'pain in the ass' generation
   3.2 Sequence number prediction
       3.2.a 64K rule
       3.2.b Time relation
   3.3 The attack
       3.3.1 Connection initiation
             3.3.1.a 64K rule
             3.3.1.b Time relation
       3.3.2 Sending the data
       3.3.3 The attack
       3.3.4 Full log
       3.3.5 Detection, and avoiding it
             3.3.5.a Probes
             3.3.5.b RST packets
             3.3.5.c The ACK guesses
             3.3.5.d Retransmission
4. How to use the source code
   4.1 SEQ-scan
   4.2 Eriu
   4.3 Improvements
Appendix: Short note about rlogin
Appendix: Source Code

.-----
Coder, The Ultimate System Crasher
E-Mail: coder () reptile rug ac be
Armageddon(tm): http://sniffit.rug.ac.be
Armageddon(tm) - Site in ExilE: http://main.succeed.net/~coder
Sniffit(tm): http://sniffit.rug.ac.be/sniffit/sniffit.html
Latest Version: 0.3.5
Sniffit announce list: send SUBSCRIBE to 'coder-sniffit-request () reptile rug ac be' to get notified when new versions are released.