Vulnerability Development mailing list archives

Re: Forge packets ?


From: "FX, Phenoelit" <dev () PHENOELIT DE>
Date: Thu, 21 Sep 2000 11:46:17 +0200

It is actually possible without much effort. Our program ARP0c
(http://www.phenoelit.de/arpoc/) is doing things like hunt (ARP
interception), but includes a bridging and routing engine, so you set it
up with the local routing environment and everything IS transparent.
Things like Windows reporting duplicate IP addresses are handled.

If you want to try it yourself, grab the source code from our site or
packetstorm and include a test whenever the connection is matching the
one you want to take over. Then continue working like the real sender
(perhaps in a separate fork()ed process) and do whatever you want. In
the meanwhile, you should then filter packets from the real sender OR
adjust the TCP ack and seq numbers accordingly (depending on what kind
of protocol it is).

This would not interrupt the functionality in most cases.

Regards
FX
--
dev       <dev () phenoelit de>
Phenoelit (http://www.phenoelit.de)
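The symptom FX mentions in passing (one IP address answered from a second MAC, the condition that makes Windows report a duplicate address) is what a network defender monitors for. The following is an added example and is not ARP0c or any Phenoelit code: a small ARP-cache monitor run over constructed ARP reply records that flags pinned bindings (gateway, DNS server) answered from an unexpected MAC, and bindings that flip while the previous binding is still fresh. The `ArpReply` record, the sample replies, the pinned table and the 300-second freshness window are all assumptions chosen for illustration, not values from the original post.

```python
# Added example, not from the original post or from ARP0c.
# A monitor that consumes observed ARP replies (for instance from a
# passive sniffer feed) and reports the two symptoms of ARP interception:
#   1. a pinned IP (gateway, resolver) answered from the wrong MAC;
#   2. an IP whose MAC binding changes while the old binding is still fresh.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply (assumed record format, not a wire parser)."""
    ts: float          # capture timestamp in seconds
    sender_ip: str     # ARP sender protocol address
    sender_mac: str    # ARP sender hardware address


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so comparisons are stable."""
    return mac.strip().lower().replace("-", ":")


def detect_arp_conflicts(replies: Iterable[ArpReply],
                         pinned: Optional[Dict[str, str]] = None,
                         window: float = 300.0) -> List[dict]:
    """Return a list of alert dicts, in timestamp order.

    `pinned` maps IPs that must never move (gateway, resolver) to their
    known MAC.  `window` is the freshness window in seconds: a binding that
    changes after the old one has been quiet longer than `window` is treated
    as ordinary churn (DHCP reassignment, NIC replacement) and not flagged.
    """
    pinned = {ip: normalize_mac(m) for ip, m in (pinned or {}).items()}
    last_seen: Dict[str, Tuple[str, float]] = {}   # ip -> (mac, ts)
    alerts: List[dict] = []

    for r in sorted(replies, key=lambda x: x.ts):
        mac = normalize_mac(r.sender_mac)

        # Check 1: pinned address answered from an unexpected MAC.
        expected = pinned.get(r.sender_ip)
        if expected is not None and mac != expected:
            alerts.append({"kind": "pinned-mismatch", "ip": r.sender_ip,
                           "expected": expected, "seen": mac, "ts": r.ts})

        # Check 2: binding flips while the previous binding is still fresh.
        prev = last_seen.get(r.sender_ip)
        if prev is not None:
            prev_mac, prev_ts = prev
            if prev_mac != mac and (r.ts - prev_ts) <= window:
                alerts.append({"kind": "binding-flap", "ip": r.sender_ip,
                               "old": prev_mac, "new": mac, "ts": r.ts})

        last_seen[r.sender_ip] = (mac, r.ts)
    return alerts


# Constructed sample traffic (assumed addresses, not captured data).
SAMPLE_REPLIES = [
    ArpReply(0.0,    "10.0.0.1",  "00:11:22:33:44:01"),  # gateway, legitimate
    ArpReply(1.0,    "10.0.0.50", "00:11:22:33:44:50"),  # workstation
    ArpReply(60.0,   "10.0.0.1",  "00:11:22:33:44:01"),  # gateway again
    ArpReply(100.0,  "10.0.0.1",  "DE-AD-BE-EF-00-01"),  # gateway IP claimed by another MAC
    ArpReply(101.0,  "10.0.0.1",  "00:11:22:33:44:01"),  # real gateway answers again
    ArpReply(1000.0, "10.0.0.50", "00:11:22:33:44:99"),  # rebound 999 s later: churn, not flagged
]
PINNED = {"10.0.0.1": "00:11:22:33:44:01"}   # assumed known gateway binding


def run_sample() -> List[dict]:
    """Run the monitor over the constructed sample; returns three alerts."""
    return detect_arp_conflicts(SAMPLE_REPLIES, pinned=PINNED)


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

The pinned check is the one worth deploying first: it catches the interception of a gateway or resolver even when the attacker's first reply is the only one the sensor sees. The flap check adds coverage for hosts that cannot be pinned, at the cost of also firing when the legitimate host answers again during the conflict, which is why the sample yields two flap alerts for the gateway but none for the workstation that rebinds after the window has expired.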

