In-Reply-To: <001c01c2882c$53eec250$[EMAIL PROTECTED]>
I believe that this can be done with tools such as dsniff. In =
addition, any
attack which uses ICMP protocol can easily be spoofed simply by writing =
a
small script. For example, using ping alone you can do the following =
by
using the dummy module for linux:
/sbin/insmod -o dummy /lib/modules/[kernel
version]/kernel/drivers/net/dummy0
/sbin/ifconfig dummy up 10.10.10.10 ( or any address)
ping -I 10.10.10.10 [hostname to send packets to] -P [packetsize]
wolla!
It will send a custom packetsize to the specified hostname. Keep in =
mind
this is strictly for ICMP traffic.
Hope this helps!
jm
Wirerats Network Security, Inc.
>
>My question is this: how does an attacker accomplish modifying a packet
and
>sending it; such as in a land.c attack - how does he modify the packet to
>reflect the victim's source and destination IP and then send it onto the
>wire?
>
>-----Original Message-----
>From: Fuchs Bernhard [mailto:Bernhard.Fuchs@;itellium.com]
>Sent: Tuesday, November 05, 2002 5:58 AM
>To: 'vijay vikram shreenivos'; [EMAIL PROTECTED]
>Subject: AW: Smurf ,land attacks
>
>
>Hi there!
>
>with "IP spoofing" you give a different source address to the packet. the
>address is different to your real address. You do this for cloaking your
>scan or if company A scans company B and spoofes the address of company
c.
>so company b thinks it is company c scanning them! o.k.? but company a
will
>not get any results back! this is mostly to cloak your own scan.
>
>Smurf is a DoS-Attack (denial of service)
>You Amplifi your ping through a big network. You ping a subnet like
>x.x.x.255 with an SPOOFED IP-Adress and every computer on that big net
>responses to the poor little machine that has the IP-Adress. Think of
class
>B subnet with a few hosts reply to a ADSL connected machine... 1500kb
>download and 196 kb upload :-)
>
>land attack is a TCP SYN packet that has the ip address and port number
for
>the source set to the same as the ip address and port number for the
>destination. the server connects to itself.
>
>
>any comments?
>
>by the way, google knows it too :-)
>
>Mit freundlichen Gr��en/ sincerely yours
>
>
>Bernhard Fuchs
>Junior System-Engineer
>IT-Infrastruktur
>
>ITELLIUM
>Systems & Services GmbH
>F�rther Stra�e 205
>90429 N�rnberg
>
>Tel.: +49-911-14-27321
>Fax: +49-911-14-22016
>mailto:bernhard.fuchs@;itellium.com
>http://www.itellium.com
>
>This email is confidential. If you are not the intended recipient, you
must
>not disclose or use the information contained in it. If you have received
>this mail in error, please tell us immediately by return email and delete
>the document. E-mails to and from the company are monitored for
operational
>reasons and in accordance with lawful business practices. The contents of
>this email are those of the individual and do not necessarily represent
the
>views of the company. The company accepts no responsibility once an e-
mail
>and any attachments is sent.
>
>
>
>-----Urspr�ngliche Nachricht-----
>Von: vijay vikram shreenivos [mailto:karpagamekapali@;rediffmail.com]
>Gesendet: Samstag, 2. November 2002 08:15
>An: [EMAIL PROTECTED]
>Betreff: Smurf ,land attacks
>
>
>Hi list,
>
>
>Can someone give the EXACT differences btw
>
>SMURF
>LAND
>and IP soofing attacks.
>
>karpagamekapalidurgau
>__________________________________________________________
>Give your Company an email address like
>ravi @ ravi-exports.com. Sign up for Rediffmail Pro today!
>Know more. http://www.rediffmailpro.com/signup/
>
>
>
