Re: *warning* student question

[Dale Fay <dalef () merit edu>]

  Try google for "hijack" and "telnet". Here is one interesting site:

http://www.trustinginthefuture.com/faq/howto5.html.

  I'd be suprised if IPv6 has not closed this hole. 


On Tue, Jan 20, 2004 at 10:43:40AM -0600, Aaron Scribner wrote:
> >         You could hijack a socket on a system to capture traffic
> > intended for another session/program on the same system, think of this
> > like old shred computer session hacking, but instead of taking over
> > their shell session you're taking over their network socket. The CRC of
> > an IP header is a hash of the payload of the packet and is not random,
> > last time I checked, or am I missing something?
>
> I thought I read something about IPv6 having randomly generated CRCs for 
> packet checking.  From my understanding of what was discussed.  The two 
> systems talking to each other know the "key" and the CRC is not in a 
> straight sequence.
>
>
> >         Can this be done remotely, no. You would need to gain access to
> > the target system and compromise then kernel of that system to place
> > your 'redirect' code, or run a program on top of the kernel that would
> > sit between the socket and kernel. Unless there is a glaring exploit
> > just attacking the sockets will not gain any sizable benefit,
> > (exception, DOS attacks, SYN Floods, etc). To program the socket, you
> > need access to the system; you can't remotely program a socket without
> > access in one way, shape or form to the target system and thus the
> > backend programming for that socket.
> >
> >         Ask your professor for a proof of concept. A properly configured
> > router will drop invalid packets, but so will a properly configured
> > switch. IDS will immediately flag traffic with bad checksums or bad
> > ARP's. Port security will deactivate a port which try's and spoof a used
> > IP address. Systems will also drop TCP packets with bad checksums. You
> > need to have access to your tcp stack on your system to do almost any
> > kind of complex hack, that's why *NIX/BSD is popular for hacking is that
> > what your professor is inferring?
>
> He is wanting us to be able to root the target, but do it by IP spoofing 
> and generating the IP headers ourselves.  It is supposed to be a 
> programming experiment, but it seems as there is a lot more involved than 
> just generating our own packets, which is quite simple.  Now being able to 
> do anything with those packets in the "real world", that is a completely 
> different ball game.
>
>
> >         Do you have any more information? What type of attack are you
> > trying to do? Are you trying to modify the target systems sockets/tcp
> > stack or a MiM system? What is the overall goal of the attack, gain
> > information, gain root, down the system, etc? Receive the packets back
> > from where?
>
> He is wanting us to receive the packets back to location we are attacking 
> from.  I am going to talk to him about changing the project.  I have 
> senioritis, taking 20 hours and want to do something fun.  Not saying this 
> would be fun, but the other project uses OpenGL if you catch my drift 
> =).  Many thanks for the insight and your time on this subject, but I would 
> be asking way too many questions trying to get this accomplished.  I have 
> never hacked anything and I do not ever foresee myself hacking into a 
> system, unless I get into network security like you guys.
>
> Thanks again,
>
> Aaron "clueless about network security" Scribner
>
>
> > Shawn Jackson
> > Systems Administrator
> > Horizon USA
> > 1190 Trademark Dr #107
> > Reno NV 89521
> >
> > www.horizonusa.com
> > Email: sjackson () horizonusa com
> > Phone: (775) 858-2338
> >              (800) 325-1199 x338
>
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
> course! All of our class sizes are guaranteed to be 10 students or less. 
> We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
> and many other technical hands on courses. 
> Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
> any course!  
> ----------------------------------------------------------------------------

-- 

Dale Fay
Merit Systeam/RADB
www.merit.edu
www.radb.net


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------