Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?

From: DJ Ether (dj_at_ethericmist.net)
Date: 04/13/05

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
    Date: Wed, 13 Apr 2005 16:50:14 -0400
    To: Joćo Paulo Caldas Campello <protecao@gmail.com>
    
    

    Perhaps this tool will help you. I wrote it a long time ago. It allows
    you to create any type of ipv4 packet and send them off at high speeds.
    You can customize most parts of the IP and overlying protocol headers.
    It's called `rain` and I believe it is in many ports on various distros,
    but here is a version I never publically released (well until this list):

    http://www.ethericmist.net/files/rain-1.2.8r4.tar.gz

    md5sum: a06b4eef3b4635de47d82aba0064187f

    Hope you find it useful.

    _e

    Joćo Paulo Caldas Campello wrote:

    >Hi,
    >
    > Does anybody know any userland tool, Linux kernel module,
    >iptables/netfilter module, or whatever mechanism to change arbitrary
    >headers of IP packets on-the-fly as long as they traverse the IP
    >stack? Is there any known paper regarding this subject?
    >
    > The whole story is that I'm doing some research and lab tests on
    >semi-blind IP spoofing (i.e. Loose/Strict IP Source Routing) on
    >borders routers and firewalls, so I need an easy way to alter the "IP
    >Options" fields of IP packets to test if the routers/firewalls are
    >vulnerable to IP spoofing (e.g. not doing ingress filtering) in
    >conjunction with source routing techniques.
    >
    > Yes, I know most modern firewalls should just drop IP Options
    >flagged packets, but not all firewalls do that with default
    >configurations.
    >
    > Sure I can construct raw IP packets with the proper IP Options
    >fields set on, but I'm also doing sort of a penetration test so I need
    >a way to automate this task as the packets traverse the stack. This
    >way I could still use well-known and proven penetration test tools
    >such as port and vulnerability scanners, web spiders, and so on.
    >
    > I've already read Netfilter documentation (specially the "Linux
    >netfilter Hacking HOWTO") so I know this kind of packet mangling can
    >be done in userspace. I thought it could be done in the "MANGLE" table
    >of netfilter, but I found no TARGET that achieves that nor any
    >documentation about altering arbitrary IP headers.
    >
    >The question is:
    >
    > - Does already exist such a tool, module or whatever way to change
    >arbitrary headers of IP packets on-the-fly or will I have to (try to)
    >write one? =)
    >
    >Cheers,
    >
    >Joćo Paulo Campello,
    >Network Security Analyst,
    >Tempest Security Technologies.
    >
    >
    >


  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"

    Relevant Pages

    • RE: Routers, Switches, and Firewall testing
      ... We have been using the ISIC tool suite. ... random packets of the target protocol. ... specify the source and destination port along with the IP. ... While the test above is not "realistic" as firewalls generally do not recive ...
      (Pen-Test)
    • Re: Stateful Inspection
      ... >> A stateful firewall can inspect the contents of the packets as well. ... > VisNetic Firewall falls into a class of firewalls called Stateful ... Stateful inspection firewalls overcome the ...
      (comp.security.firewalls)
    • Re: Stateful Inspection
      ... >> A stateful firewall can inspect the contents of the packets as well. ... > VisNetic Firewall falls into a class of firewalls called Stateful ... Stateful inspection firewalls overcome the ...
      (comp.security.firewalls)
    • Re: Stateful Inspection
      ... > A stateful firewall can inspect the contents of the packets as well. ... Stateful Packet Inspection ... VisNetic Firewall falls into a class of firewalls called Stateful ... Stateful inspection firewalls overcome the ...
      (comp.security.firewalls)
    • Re: Stateful Inspection
      ... > A stateful firewall can inspect the contents of the packets as well. ... Stateful Packet Inspection ... VisNetic Firewall falls into a class of firewalls called Stateful ... Stateful inspection firewalls overcome the ...
      (comp.security.firewalls)