Re: Smurf ,land attacks

From: Donnie Tognazzini (don_tog@yahoo.com)
Date: 11/17/02

    Date: Sat, 16 Nov 2002 23:03:53 -0800 (PST)
    From: Donnie Tognazzini <don_tog@yahoo.com>
    To: Paulo Abrantes <ghostrider@box.sk>, vevans@packeteye.phxcoxmail.com
    
    

    If you want full control of network read/writes use
    libnet/libpcap.. have a look at tcpdump.org..

    Using libnet/libpcap you can write directly to the
    wire.

    --- Paulo Abrantes <ghostrider@box.sk> wrote:
    > Hello Vik,
    >
    > What the attacker does is not allowing the Kernel to fill in the IP datagram
    > from the packet he's spoofing, and filling it by himself/herself.
    > How can (s)he do that?
    > Well, the best way I know, and probably is the way that land.c (that you mention)
    > uses (I do not know the source of that program) is creating a RAW socket.
    > Then using a function called setsockopt() enabling the option IP_HDRINCL which
    > allows you to include your own IP Header. This way it's you that creates all
    > the IP header including IP Source Address.
    >
    > For further information give a look at raw(7) man page.
    >
    > Regards,
    >
    > P. Abrantes
    >
    > On Sat, 9 Nov 2002 13:10:11 -0700
    > "Vik Evans" <vevans@packeteye.phxcoxmail.com> wrote:
    >
    > > My question is this: how does an attacker accomplish modifying a packet and
    > > sending it; such as in a land.c attack - how does he modify the packet to
    > > reflect the victim's source and destination IP and then send it onto the
    > > wire?
    > >
    > > -----Original Message-----
    > > From: Fuchs Bernhard [mailto:Bernhard.Fuchs@itellium.com]
    > > Sent: Tuesday, November 05, 2002 5:58 AM
    > > To: 'vijay vikram shreenivos'; security-basics@securityfocus.com
    > > Subject: AW: Smurf ,land attacks
    > >
    > >
    > > Hi there!
    > >
    > > with "IP spoofing" you give a different source address to the packet. the
    > > address is different to your real address. You do this for cloaking your
    > > scan or if company A scans company B and spoofs the address of company c.
    > > so company b thinks it is company c scanning them! o.k.? but company a will
    > > not get any results back! this is mostly to cloak your own scan.
    > >
    > > Smurf is a DoS-Attack (denial of service)
    > > You amplify your ping through a big network. You ping a subnet like
    > > x.x.x.255 with a SPOOFED IP-Address and every computer on that big net
    > > responds to the poor little machine that has the IP-Address. Think of class
    > > B subnet with a few hosts reply to an ADSL connected machine... 1500kb
    > > download and 196 kb upload :-)
    > >
    > > land attack is a TCP SYN packet that has the ip address and port number for
    > > the source set to the same as the ip address and port number for the
    > > destination. the server connects to itself.
    > >
    > >
    > > any comments?
    > >
    > > by the way, google knows it too :-)
    > >
    > > Kind regards / sincerely yours
    > >
    > >
    > > Bernhard Fuchs
    > > Junior System-Engineer
    > > IT-Infrastruktur
    > >
    > > ITELLIUM
    > > Systems & Services GmbH
    > > Fürther Straße 205
    > > 90429 Nürnberg
    > >
    > > Tel.: +49-911-14-27321
    > > Fax: +49-911-14-22016
    > > mailto:bernhard.fuchs@itellium.com
    > > http://www.itellium.com
    > >
    > >
    > >
    > >
    > > -----Original Message-----
    > > From: vijay vikram shreenivos [mailto:karpagamekapali@rediffmail.com]
    > > Sent: Saturday, 2 November 2002 08:15
    > > To: security-basics@securityfocus.com
    > > Subject: Smurf ,land attacks
    > >
    > >
    > > Hi list,
    > >
    > >
    > > Can someone give the EXACT differences btw
    > >
    > > SMURF
    > > LAND
    > > and IP spoofing attacks.
    > >
    > > karpagamekapalidurgau
    > >

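Added example (not part of any post in this thread): the two packet patterns described above, a TCP SYN whose source address and port equal its destination (LAND) and an ICMP echo request sent to a subnet broadcast address (the Smurf trigger), expressed as a receive-side check over raw IPv4 bytes. The function names, the sample packets and the 192.0.2.0/24 local network are assumptions made for the illustration.

```python
import ipaddress
import socket
import struct

def classify(packet: bytes, local_net: str):
    """Return 'land', 'smurf-trigger' or None for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None  # malformed header length
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    l4 = packet[ihl:]
    if proto == 6 and len(l4) >= 14:  # TCP
        sport, dport = struct.unpack("!HH", l4[:4])
        syn_only = (l4[13] & 0x12) == 0x02  # SYN set, ACK clear
        if syn_only and src == dst and sport == dport:
            return "land"
    if proto == 1 and l4[:1] == b"\x08":  # ICMP echo request
        net = ipaddress.ip_network(local_net)
        if dst in (net.broadcast_address, ipaddress.IPv4Address("255.255.255.255")):
            return "smurf-trigger"
    return None

def _ip(src, dst, proto, l4):
    """Constructed sample input: minimal IPv4 header (checksum 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + l4

def _syn(sport, dport):
    """Constructed sample input: 20-byte TCP header with only SYN set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)

_ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)  # constructed ICMP echo request

# Constructed packets using documentation address ranges (RFC 5737).
SAMPLES = [
    _ip("192.0.2.10", "192.0.2.10", 6, _syn(139, 139)),     # LAND pattern
    _ip("198.51.100.7", "192.0.2.10", 6, _syn(40000, 80)),  # ordinary SYN
    _ip("198.51.100.7", "192.0.2.255", 1, _ECHO),           # echo to broadcast
    _ip("198.51.100.7", "192.0.2.10", 1, _ECHO),            # ordinary ping
]

def scan(packets, local_net="192.0.2.0/24"):
    """Classify each packet against the given local network."""
    return [classify(p, local_net) for p in packets]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

The same two conditions are what a border filter drops: packets arriving with a source address equal to their destination, and echo requests addressed to a directed broadcast.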


