Vulnerability Development mailing list archives
Re: Forge packets ?
From: Skreel <webmaster () SKREEL COM>
Date: Tue, 12 Sep 2000 06:02:59 +0200
So TCP hijacking is the solution? I thought hunt could only hijack connections on port 23. What I actually want is to send data to remote host without dropping the user's connection, whether the user sees the data or not (I'm only talking theoretically). I just wanted to know if it was possible.

And also if I used ipchains to IPmasquerade the LAN, then wouldn't it be easier for an attacker to send data and hijack the user's connection? Is there any way to prevent this kind of attack (if it is a real attack)?

-----Original Message-----
From: Samy Kamkar [CommPort5] <CommPort5 () LucidX com>
To: Skreel <webmaster () SKREEL COM>; vuln-dev () securityfocus com <vuln-dev () securityfocus com>
Date: Tuesday, 12 September 2000 05:40
Subject: Re: Forge packets ?

Sure, it's very possible. You may want to see 'hunt' (program, probably on packetstorm.securify.com) and see how it does it. Also, RFC 793 (TCP) will describe TCP connections... once you understand that you will see how a connection is hijacked.

Thing is, with your network you can send packets looking exactly like ones coming from the local side so the remote connection would accept it. And also, you're able to sniff the connection so you see exactly what the remote connection is sending back.

If you want to fully hijack it (so other user can't send/receive any more) you could 'probably' send RST packets to the other local connection (looking like connections from the remote host) and you continue to send your packets to the remote host so the connection will only be dropped on the local side of the original client but the connection keeps on going while you're sending the packets. I'm not sure if you can just send RST packets to local without that local sending packets to close the connection on remote so you get a fully closed connection but I'm sure you can fully hijack a connection without problems (local-to-remote, or other way around).

This would definitely require root (depending on the system, sometimes just certain access to specific devices such as bpf) though...

-Sam [commport5]

Skreel wrote:

I have a few questions concerning forged packets. I got a LAN that's connected to Internet, and I would like to know if it could be possible for a local attacker to hijack a "local-to-remote" connection in order to send forged packets without resetting the user's connection.

thanks