Full Disclosure mailing list archives
Paper Release
From: IHC team <ihcteam () altern org>
Date: Thu, 29 Apr 2004 19:07:57 +0000
Hi all security experts,

We, IHC team, are security experts trying to secure the internet from the inside. That's why we often release papers about security and exploitation. This time, we wrote from scratch another paper about UDP smurfing. We are pleased to teach you new things!

Regards,
for IHC team,
Lapeluche

<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<title>Smurf </title>
</head>
<body lang=FR link=blue vlink=purple style='tab-interval:35.4pt'>
<div class=Section1>
<p class=MsoNormal align=right>Written by <b>Lapeluche</b></p>
<p class=MsoNormal align=right>Member of the <b>IHCTEAM.org</b> association</p>
<div style='border-top:solid windowtext 3.0pt;border-left:none;border-bottom: solid windowtext 3.0pt;border-right:none;padding:1.0pt 0cm 1.0pt 0cm'>
<h3>SMURFING <span style='font-weight:normal'>An attack and defense study</span></h3>
</div>
<p class=MsoNormal align=center>--------------------------------------------------------------------------------</p>
<h2>Attack position</h2>
<p class=MsoNormal align=center>--------------------------------------------------------------------------------</p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><u><span style='mso-bidi-font-size:8.0pt;font-family:Verdana;color:gray'>I- La théorie, explication :</span></u></b><span style='font-size:8.0pt;font-family:Verdana; color:gray'><o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>Aujourdhui nous allons étudier ce quest le smurf.<span style="mso-spacerun: yes"> </span>Catégorisé dans la rubrique du Denial of Services de pars ses méthodes de « barbares ».<o:p></o:p></span></p> <table border=1 cellspacing=0 cellpadding=0 width=1230 style='width:922.4pt; margin-left:3.5pt;border-collapse:collapse;border:none;mso-border-alt:s olid windowtext .5pt; mso-padding-alt:0cm 3.5pt 0cm 3.5pt'> <tr style='height:33.65pt'> <td width=1230 style='width:922.4pt;border:solid windowtext .5pt;background: #3366FF;padding:0cm 3.5pt 0cm 3.5pt;height:33.65pt'> <p class=MsoNormal align=center style='mso-margin-top-alt:auto;mso-margin-bottom-alt: auto;text-align:center'><b><span style='font-size:8.0pt;mso-bidi-font-size: 12.0pt;font-family:Verdana;color:white'>DoS ou Denial of Service est une forme dattaque à distance qui consiste à envoyer et à submerger une machine victime de paquets plus ou moins gros.</span></b><span style='font-size:8.0pt; font-family:Verdana;color:white'><o:p></o:p></span></p> </td> </tr> </table> <p class=MsoBodyText>Beau terme que le « Smurf », mais que veut-il dire, et comment fonctionne-t-il, autant de questions que nous essayerons délucider dans ce petit article.</p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>Le smurf consiste à envoyer 
une bonnes quantités dinformations ( paquets ) sous le nom de la futur victime à un réseau Broadcast. Ces paquets auront comme type un 8.<o:p></o:p></span></p> <p class=MsoBodyText>Vous trouverez dans la RFC un tableau comme celui-ci qui vous permettra de comprendre les différents types de requêtes. </p> <table border=0 cellspacing=0 cellpadding=0 width="100%" bgcolor="#eff2fb" style='width:100.0%;mso-cellspacing:0cm;background:#EFF2FB'> <tr> <td style='padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span class=titre1><span style='font-size:9.0pt;font-family:Verdana;color:white'>Signification des messages ICMP</span></span><span style='font-size:8.5pt;font-family:Verdana; color:white'> <o:p></o:p></span></p> </td> </tr> </table> <p style='margin:0cm;margin-bottom:.0001pt;background:#3366FF'><span style='font-size:8.5pt;font-family:Verdana;color:white;display:none;mso -hide: all'><![if !supportEmptyParas]> <![endif]><o:p></o:p></span></p> <table border=0 cellpadding=0 bgcolor="#afbbef" style='mso-cellspacing:1.5pt; background:#AFBBEF'> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Type<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Code<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Message<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Signification du message<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#3366FF;padding:.75pt .75pt 
.75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><b><span style='font-size:8.5pt; font-family:Verdana;color:red'>8<o:p></o:p></span></b></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><b><span style='font-size:8.5pt; font-family:Verdana;color:red'>0<o:p></o:p></span></b></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><b><span style='font-size:8.5pt; font-family:Verdana;color:red'>Demande d'ECHO<o:p></o:p></span></b></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><b><span style='font-size:8.5pt; font-family:Verdana;color:red'>Ce message est utilisé lorsqu'on utilise la commande <i>PING</i>. Cette commande, permettant de tester le réseau, envoie un datagramme à un destinataire et lui demande de le restituer<o:p></o:p></span></b></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le réseau n'est pas accessible<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span 
style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>1<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>La machine n'est pas accessible<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>2<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le protocole n'est pas accessible<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; 
font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le port n'est pas accessible<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>4<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Fragmentation nécessaire mais impossible à cause du drapeau (flag) DF<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>5<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; 
font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le routage a échoué<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>6<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Réseau inconnu<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>7<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Machine 
inconnue<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>8<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Machine non connectée au réseau (inutilisé)<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>9<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Communication avec le réseau interdite<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; 
font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>10<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Communication avec la machine interdite<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>11<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Réseau inaccessible pour ce service<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; 
font-family:Verdana;color:white'>12<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Machine inaccessible pour ce service<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>11<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>destinataire inaccessible<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Communication interdite (filtrage)<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>4<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; 
font-family:Verdana;color:white'>Source Quench<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le volume de données envoyé est trop important, le routeur envoie ce message pour prévenir qu'il sature afin de demander de réduire la vitesse de transmission<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>5<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Redirection pour un hôte<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le routeur remarque que la route d'un ordinateur n'est pas optimale et envoie l'adresse du routeur à rajouter dans la table de routage de l'ordinateur<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>5<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>1<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; 
font-family:Verdana;color:white'>Redirection pour un hôte et un service donné<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le routeur remarque que la route d'un ordinateur n'est pas optimale pour un service donné et envoie l'adresse du routeur à rajouter dans la table de routage de l'ordinateur<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>5<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>2<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Redirection pour un réseau<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le routeur remarque que la route d'un réseau entier n'est pas optimale et envoie l'adresse du routeur à rajouter dans la table de routage des ordinateurs du réseau<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>5<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>3<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal 
style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Redirection pour un réseau et un service donné<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Le routeur remarque que la route d'un réseau entier n'est pas optimale pour un service donné et envoie l'adresse du routeur à rajouter dans la table de routage des ordinateurs du réseau<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>11<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Temps dépassé<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Ce message est envoyé lorsque le temps de vie d'un datagramme est dépassé. 
The datagram's header is returned so that the user knows which datagram was destroyed<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>11<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>1<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Fragment reassembly time exceeded<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>This message is sent when the reassembly time for a datagram's fragments is exceeded.<o:p></o:p></span></p> </td> </tr> <tr style='height:1.75pt'> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt;height:1.75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>12<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt;height:1.75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt;height:1.75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Bad header<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt;height:1.75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>This message is sent 
when a header field is invalid. The position of the error is returned<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>13<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Timestamp request<o:p></o:p></span></p> </td> <td style='background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>A machine asks another for its system time and date (universal time)<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>14<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Timestamp reply<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>The receiving machine gives its system time and date so that the sending machine can determine the data transfer time<o:p></o:p></span></p> </td> 
</tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>15<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Network address request<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>This message is used to ask the network for an IP address<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>16<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Network address reply<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>This message answers the previous one<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>17<o:p></o:p></span></p> </td> 
<td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Subnet mask request<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>This message is used to ask the network for a subnet mask<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>18<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Subnet mask reply<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>This message answers the previous one<o:p></o:p></span></p> </td> </tr> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>17<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; 
font-family:Verdana;color:white'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>Timestamp reply<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal style='background:#3366FF'><span style='font-size:8.5pt; font-family:Verdana;color:white'>The receiving machine gives its system time and date so that the sending machine can determine the data transfer time<o:p></o:p></span></p> </td> </tr> </table> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>The packet type that interests us here is type 8:<o:p></o:p></span></p> <table border=0 cellpadding=0 bgcolor="#afbbef" style='mso-cellspacing:1.5pt; background:#AFBBEF'> <tr> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal><span style='font-size:8.5pt;font-family:Verdana'>8<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal><span style='font-size:8.5pt;font-family:Verdana'>0<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal><span style='font-size:8.5pt;font-family:Verdana'>Echo request<o:p></o:p></span></p> </td> <td style='background:#ECF0FA;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal><span style='font-size:8.5pt;font-family:Verdana'>This message is used by the <i>PING</i> command. 
This command, which tests the network, sends a datagram to a destination and asks it to send the datagram back<o:p></o:p></span></p> </td> </tr> </table> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;mso-bidi-font-size:8.0pt;font-family:Verdana; color:gray'>"That's all very well, but I still don't understand what </span></b><b><span style='font-size:10.0pt;mso-bidi-font-size:8.0pt;font-family:Verdana; color:red'>Smurfing</span></b><b><span style='font-size:10.0pt;mso-bidi-font-size: 8.0pt;font-family:Verdana;color:gray'> is." Explanation:<o:p></o:p></span></b></p> <p class=MsoBodyText3><b><u>Definition:</u></b> A smurf attack consists of sending spoofed packets, that is, packets sent in the victim's name, </p> <p class=MsoBodyText3 align=center style='text-align:center'>to a broadcast address, which causes every computer on that network to reply to the victim. 
The result: saturated bandwidth and a quick, clean disconnection </p> <table border=0 cellspacing=1 cellpadding=0 width="99%" bgcolor="#00ccff" style='width:99.8%;mso-cellspacing:.7pt;background:#00CCFF'> <tr> <td width="99%" style='width:99.84%;background:#3366FF;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal align=center style='mso-margin-top-alt:auto;mso-margin-bottom-alt: auto;text-align:center'><b><i><span style='font-size:14.0pt;mso-bidi-font-size: 9.0pt;color:white'>REMINDER:<o:p></o:p></span></i></b></p> <p class=MsoNormal align=center style='mso-margin-top-alt:auto;mso-margin-bottom-alt: auto;text-align:center'><b><span style='font-size:8.0pt;mso-bidi-font-size: 9.0pt;font-family:Verdana;mso-bidi-font-family:"Courier New";color:white'>TCP/IP addressing includes what is called a network broadcast address; this is generally the last IP address of the network, sometimes written 255.255.255.255. 
When a packet is sent to a broadcast address, every machine answers it; for example, an ICMP ping to that address produces multiple replies.<o:p></o:p></span></b></p> <p class=MsoNormal align=center style='mso-margin-top-alt:auto;mso-margin-bottom-alt: auto;text-align:center'><b><span style='font-size:8.0pt;mso-bidi-font-size: 12.0pt;font-family:Verdana;color:white'>On a computer network, as in audio, we need an amplifier and distributor that redirects and amplifies the incoming data across the whole network.<o:p></o:p></span></b></p> </td> </tr> </table> <table border=0 cellspacing=1 cellpadding=0 width="99%" bgcolor="#00ccff" style='width:99.8%;mso-cellspacing:.7pt;background:#00CCFF'> <tr> <td width="99%" style='width:99.84%;padding:.75pt .75pt .75pt .75pt'> <p class=MsoNormal align=center style='mso-margin-top-alt:auto;mso-margin-bottom-alt: auto;text-align:center;background:#3366FF'><b><span style='font-size:8.0pt; mso-bidi-font-size:7.5pt;font-family:Verdana;color:white'>Smurf is therefore an ICMP flood attack, except that here a single packet generates an extremely large number of <u>ICMP reply datagrams</u>, drawing on the bandwidth of the broadcast networks!</span></b><b><span style='font-size:8.0pt; mso-bidi-font-size:12.0pt;font-family:Verdana;color:white'><o:p></o:p></span></b></p> </td> </tr> </table> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span 
style='font-size:8.0pt;font-family:Verdana;color:gray'>What is remarkable about this attack is not only that it can be disastrous for a server or an individual, but also that it combines denial of service, the sending of ping packets, <o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>spoofing of the packet sender, and the handling of broadcasts.<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>It is thus the most effective way to knock a person or a server offline while staying protected.<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><u><span style='mso-bidi-font-size:8.0pt;font-family:Verdana;color:gray'>II- In practice: explanation<o:p></o:p></span></u></b></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>First of all, you will understand that the victim's IP address is needed; the hacker will obtain it however he wishes. 
Next, the broadcast addresses needed for the attack must be at hand; our hacker can obtain them from various websites, notably this one (<a href="http://www.powertech.no/smurf/">http://www.powertech.no/smurf/</a> ).<o:p></o:p></span></p> <p class=MsoNormal align=center style='mso-margin-top-alt:auto;mso-margin-bottom-alt: auto;text-align:center'><span style='font-size:8.0pt;font-family:Verdana; color:gray'>----------------------------------------------------------- -------------------------------------------------------------<o:p></o:p>
</span></p>
<h2>Defensive position</h2> <p class=MsoNormal align=center style='mso-margin-top-alt:auto;mso-margin-bottom-alt: auto;text-align:center'><span style='font-size:8.0pt;font-family:Verdana; color:gray'>----------------------------------------------------------- -------------------------------------------------------------<o:p></o:p>
</span></p>
<p style='text-align:justify'><b><u><span style='mso-bidi-font-size:8.0pt; font-family:Verdana;color:gray'>I- Countermeasures </span></u></b></p> <p class=MsoBodyText>Unfortunately there is no countermeasure for this kind of attack: an attack coming from a single machine (a single address) is easy to detect, and the traffic from that machine can be blocked, but when the traffic is spread across hundreds of machines it is very difficult to tell an attack from a connection request made by a real client. However, during a Smurf attack, the computers sending all the Pong replies share the same subnet mask. A network administrator who witnesses a Smurf attack can therefore block all requests coming from that subnet.</p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>There is, however, a very simple preventive measure that lets Linux users protect themselves against smurf attacks, just by configuring their iptables firewall (the limit only takes effect if echo requests above it are then dropped by a later rule or by the chain policy):<o:p></o:p></span></p> <div align=center> <table border=1 cellspacing=0 cellpadding=0 width=904 style='width:677.65pt; margin-left:3.5pt;border-collapse:collapse;border:none;mso-border-alt:solid windowtext .5pt; mso-padding-alt:0cm 3.5pt 0cm 3.5pt'> <tr style='height:34.7pt'> <td width=904 valign=top style='width:677.65pt;border:solid windowtext .5pt; background:#3366FF;padding:0cm 3.5pt 0cm 3.5pt;height:34.7pt'> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='color:red'>[root@lapeluche /root]# </span><span 
style='color:white'>iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT</span><span style='color:red'><o:p></o:p></span></b></p> </td> </tr> </table> </div> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><u><span style='mso-bidi-font-size:8.0pt;font-family:Verdana;color:gray'>II- How to use the logs of a Cisco server and its ACL to track the attacker<o:p></o:p></span></u></b></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>Let us now look at what a victim needs to know how to do in order to find the sender, and thus the source, of this attack:<o:p></o:p></span></p> <p class=MsoBodyText>First, be aware that tracing a spoofed packet back to its source is extremely delicate: it requires close coordination among providers to identify the attacker.</p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>Today it is possible to log every packet that crosses your network and is accepted by your </span><b><span style='font-size:8.0pt;font-family: Verdana;color:#999999'>ACL (</span></b><b><span style='font-size:8.0pt; mso-bidi-font-size:12.0pt;font-family:Verdana;color:#999999'>Access Control List). 
</span></b><span style='font-size:8.0pt;font-family:Verdana;color:gray'>But when a large number of packets has to be logged, this can put a heavy drain on your CPU. That is why it seems reasonable to me that logging against this kind of attack should today be limited to small attacks (small connections); even then, if the attack lasts a long time, the number of log entries generated by your router can overload your server's logging system.<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>First we will look at the logging information produced by Cisco routers.<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>If you enter this in your ACL configuration: "access-list 101 permit icmp any any echo log-input", your logging system will record every ICMP ping packet together with the interface it arrived on and the MAC address it came from. 
<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>An example log entry for a multi-access network:<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB style='font-size:8.0pt;font-family:Verdana;color:gray;mso-ansi-language: EN-GB'>Sep 10<span style="mso-spacerun: yes"> </span>23:17:01 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 10.0.7.30 (FastEthernet1/0 0060.3e2f.6e41) -> 10.30.248.3 (8/0), 5 packets<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>And here is an example<span style="mso-spacerun: yes"> </span>for a point-to-point network:<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB style='font-size:8.0pt;font-family:Verdana;color:gray;mso-ansi-language: EN-GB'>Sep 10<span style="mso-spacerun: yes"> </span>23:17:01 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 10.0.7.30 (BRI0 *PPP*) -> 10.30.248.3 (8/0), 5 packets<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>We will study the first example to explain how to trace back from it. <o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>It means that:<o:p></o:p></span></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;font-family:Verdana;color:gray'>The packet arrived on "FastEthernet1/0" from MAC address "0060.3e2f.6e41", destined for address "10.30.248.3". 
To find the IP address that corresponds to this MAC address, simply use the ARP protocol and type "show ip arp":<o:p></o:p></span></p> <p class=MsoBodyText><b><span lang=EN-GB style='mso-ansi-language:EN-GB'>lapeluche#show ip arp 0060.3e2f.6e41<o:p></o:p></span></b></p> <table border=1 cellspacing=0 cellpadding=0 style='border-collapse:collapse; border:none;mso-border-alt:solid windowtext .5pt;mso-padding-alt:0cm 3.5pt 0cm 3.5pt'> <tr> <td width=88 valign=top style='width:65.8pt;border:solid windowtext .5pt; padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText><b><span lang=EN-GB style='mso-ansi-language:EN-GB'>Protocol Address<o:p></o:p></span></b></p> </td> <td width=88 valign=top style='width:65.8pt;border:solid windowtext .5pt; border-left:none;mso-border-left-alt:solid windowtext .5pt;padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText><b><span lang=EN-GB style='mso-ansi-language:EN-GB'>Age (min)<o:p></o:p></span></b></p> </td> <td width=109 valign=top style='width:81.65pt;border:solid windowtext .5pt; border-left:none;mso-border-left-alt:solid windowtext .5pt;padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText><b><span lang=EN-GB style='mso-ansi-language:EN-GB'>Hardware Addr<o:p></o:p></span></b></p> </td> <td width=88 valign=top style='width:65.8pt;border:solid windowtext .5pt; border-left:none;mso-border-left-alt:solid windowtext .5pt;padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText><b><span lang=EN-GB style='mso-ansi-language:EN-GB'>Type<o:p></o:p></span></b></p> </td> <td width=111 valign=top style='width:83.0pt;border:solid windowtext .5pt; border-left:none;mso-border-left-alt:solid windowtext .5pt;padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText><b><span lang=EN-GB style='mso-ansi-language:EN-GB'>Interface<o:p></o:p></span></b></p> </td> </tr> <tr> <td width=88 valign=top style='width:65.8pt;border:solid windowtext .5pt; border-top:none;mso-border-top-alt:solid windowtext .5pt;padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText><span lang=DE 
style='mso-ansi-language:DE'>Internet<span style="mso-spacerun: yes"> </span>10.0.183.65<span style="mso-spacerun: yes"> </span><o:p></o:p></span></p> </td> <td width=88 valign=top style='width:65.8pt;border-top:none;border-left:none; border-bottom:solid windowtext .5pt;border-right:solid windowtext .5pt; mso-border-top-alt:solid windowtext .5pt;mso-border-left-alt:solid windowtext .5pt; padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText><span lang=DE style='mso-ansi-language:DE'>32<o:p></o:p></span></p> </td> <td width=109 valign=top style='width:81.65pt;border-top:none;border-left: none;border-bottom:solid windowtext .5pt;border-right:solid windowtext .5pt; mso-border-top-alt:solid windowtext .5pt;mso-border-left-alt:solid windowtext .5pt; padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText><span lang=DE style='mso-ansi-language:DE'>0060.3e2f.6e41<span style="mso-spacerun: yes"> </span><o:p></o:p></span></p> </td> <td width=88 valign=top style='width:65.8pt;border-top:none;border-left:none; border-bottom:solid windowtext .5pt;border-right:solid windowtext .5pt; mso-border-top-alt:solid windowtext .5pt;mso-border-left-alt:solid windowtext .5pt; padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText>ARPA</p> </td> <td width=111 valign=top style='width:83.0pt;border-top:none;border-left: none;border-bottom:solid windowtext .5pt;border-right:solid windowtext .5pt; mso-border-top-alt:solid windowtext .5pt;mso-border-left-alt:solid windowtext .5pt; padding:0cm 3.5pt 0cm 3.5pt'> <p class=MsoBodyText>FastEthernet1/0</p> </td> </tr> </table> <p class=MsoBodyText>You can see that address 10.0.183.65 is where the packet came from. But you need access to that machine in order to repeat the same procedure there and so work your way back to the attacker.</p> <p class=MsoBodyText>Article by Craig A. 
Huegen [chuegen () quadrunner com], translated and modified by Lapeluche.</p> <p class=MsoBodyText><b><u>"I seriously recommend reading his work, which for me remains an inexhaustible source of knowledge"<o:p></o:p></u></b></p> <p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:8.0pt;mso-bidi-font-size:12.0pt;font-family:Verdana; color:white'>1.255.255.255 <Enter> </span><span style='color:white'><o:p></o:p></span></p> </div> </body> </html> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
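The tracing step from the Cisco logging section, as an added example that is not part of the original post: it parses `%SEC-6-IPACCESSLOGDP` entries produced by `log-input`, groups echo requests by ingress interface and layer-2 address, and lists the `show ip arp` lookup to run for each hop. The function names are hypothetical and the sample log lines are constructed from the two entries quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the two log entries quoted in the post.
# The first line keeps loose spacing and a misspelt "permited" on purpose.
SAMPLE_LOG = """\
Sep 10 23 :17 :01 PDT : %SEC-6-IPACCESSLOGDP : List 101 permited icmp 10.0.7.30 (FastEthernet1/0 0060.3e2f.6e41) -> 10.30.248.3 (8/0), 5 packets
Sep 10 23:17:06 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 10.0.7.30 (FastEthernet1/0 0060.3e2f.6e41) -> 10.30.248.3 (8/0), 412 packets
Sep 10 23:17:07 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 10.0.9.12 (FastEthernet1/0 0060.3e2f.6e41) -> 10.30.248.3 (8/0), 388 packets
Sep 10 23:17:09 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 10.0.7.30 (BRI0 *PPP*) -> 10.30.248.3 (8/0), 5 packets
Sep 10 23:17:10 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 10.0.4.8 (FastEthernet0/1 00d0.aaaa.bbbb) -> 10.30.248.9 (0/0), 3 packets
Sep 10 23:17:11 PDT: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ENTRY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP\s*:\s*list\s+(?P<acl>\S+)\s+(?P<action>permit+ed|denied)\s+icmp\s+"
    rf"(?P<src>{IPV4})\s+\((?P<iface>\S+)\s+(?P<l2>[^)]+)\)\s*->\s*"
    rf"(?P<dst>{IPV4})\s+\((?P<type>\d+)/(?P<code>\d+)\),\s+(?P<count>\d+)\s+packets?",
    re.IGNORECASE,
)
# Cisco dotted-hex MAC notation, e.g. 0060.3e2f.6e41
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.IGNORECASE)


def parse_entry(line):
    """Return the fields of one log-input entry, or None for any other line."""
    m = ENTRY_RE.search(line)
    if m is None:
        return None
    return {
        "acl": m.group("acl"),
        "src": m.group("src"),
        "interface": m.group("iface"),
        "l2": m.group("l2").strip(),
        "dst": m.group("dst"),
        "icmp_type": int(m.group("type")),
        "icmp_code": int(m.group("code")),
        "packets": int(m.group("count")),
    }


def ingress_summary(log_text, icmp_type=8):
    """Total packets and claimed source IPs per (interface, layer-2 address)."""
    hops = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry["icmp_type"] != icmp_type:
            continue  # not an ACL hit, or not an echo request
        hop = hops[(entry["interface"], entry["l2"])]
        hop["packets"] += entry["packets"]
        hop["sources"].add(entry["src"])
    return dict(hops)


def trace_plan(log_text):
    """Ingress hops ordered by volume, with the ARP lookup to run for each."""
    plan = []
    for (iface, l2), hop in ingress_summary(log_text).items():
        has_mac = MAC_RE.match(l2) is not None
        plan.append({
            "interface": iface,
            "l2": l2,
            "packets": hop["packets"],
            "sources": sorted(hop["sources"]),
            # Point-to-point links log no MAC: the upstream is the link peer.
            "next_command": f"show ip arp {l2}" if has_mac else None,
        })
    return sorted(plan, key=lambda h: h["packets"], reverse=True)


if __name__ == "__main__":
    for hop in trace_plan(SAMPLE_LOG):
        print(hop)
```

Several claimed source addresses arriving behind a single MAC, as on the first hop here, is why the trace follows the layer-2 address and ingress interface rather than the spoofable IP source.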