Vulnerability Development mailing list archives
Re: Forge packets ?
From: "Samy Kamkar [CommPort5]" <CommPort5 () LUCIDX COM>
Date: Mon, 11 Sep 2000 20:42:45 +0100
Sure, it's very possible. You may want to see 'hunt' (program, probably on packetstorm.securify.com) and see how it does it. Also, RFC 793 (TCP) will describe tcp connections...once you understand that you will see how a connection is hijacked. Thing is, with your network you can send packets looking exactly like ones coming from the local side so the remote connection would accept it. And also, you're able to sniff the connection so you see exactly what the remote connection is sending back. If you want to fully hijack it (so other user can't send/recieve any more) you could 'probably' send RST packets to the other local connection (looking like connections from the remote host) and you continue to send your packets to the remote host so the connection will only be dropped on the local side of the original client but the connection keeps on going while you're sending the packets. I'm not sure if you can just send RST packets to local without that local sending packets to close the connection on remote so you get a fully closed connection but I'm sure you can fully hijack a connection without problems (local-to-remote, or other way around). This would definately require root (depending on the system, sometimes just certain access to specific devices such as bpf) though... -Sam [commport5] Skreel wrote:
I have a few questions concerning forged packets. I got a LAN that's connected to Internet, and I would like to know if it could be possible for a local attacker to hijack a "local-to-remote" connection in order to send forged packets without resetting the user's connection. thanks
Current thread:
- Forge packets ? Skreel (Sep 12)
- Re: Forge packets ? Samy Kamkar [CommPort5] (Sep 12)
- Re: Forge packets ? FX, Phenoelit (Sep 21)
- <Possible follow-ups>
- Re: Forge packets ? Skreel (Sep 12)
- Re: Forge packets ? Samy Kamkar [CommPort5] (Sep 12)
- Re: Forge packets ? Michael Wojcik (Sep 12)
- Re: Forge packets ? George Gales (Sep 12)
- Re: Forge packets ? Everhart, Glenn (FUSA) (Sep 12)
- Re: Forge packets ? Samy Kamkar [CommPort5] (Sep 13)
- Re: Forge packets ? Andrew Thomas (Sep 13)
- Re: Forge packets ? Michael Wojcik (Sep 14)