Vulnerability Development mailing list archives
Re: Forge packets ?
From: "FX, Phenoelit" <dev () PHENOELIT DE>
Date: Thu, 21 Sep 2000 11:46:17 +0200
It is actually possible without much effort. Our program ARP0c (http://www.phenoelit.de/arpoc/) is doing things like hunt (ARP interception), but includes a bridging and routing engine, so you set it up with the local routing environment and everything IS transparent. Things like Windows reporting duplicate IP addresses are handled.

If you want to try it yourself, grab the source code from our site or packetstorm and include a test whenever the connection is matching the one you want to take over. Then continue working like the real sender (perhaps in a separate fork()ed process) and do whatever you want. In the meanwhile, you should then filter packets from the real sender OR adjust the TCP ack and seq numbers accordingly (depending on what kind of protocol it is). This would not interrupt the functionality in most cases.

Regards
FX

--
dev <dev () phenoelit de>
Phenoelit (http://www.phenoelit.de)
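Seen from the monitoring side, the ARP interception described in the message above shows up as IP-to-MAC bindings that change and as one MAC address answering for both ends of a conversation. The following detector is an added example, not part of the original post or of ARP0c; the frame builder, function names and sample addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet + ARP reply frame; used only to construct sample input."""
    eth = _mac(target_mac) + _mac(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet, IPv4, opcode 2 = reply
    return eth + arp + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return opcode, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def find_arp_anomalies(frames):
    """Flag IPs whose MAC binding changes and MACs that start claiming a second IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] == "0.0.0.0":  # skip non-ARP and ARP probes
            continue
        _, mac, ip = parsed
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("binding-changed", n, ip, old, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) == 2:
                alerts.append(("multi-ip", n, mac, sorted(mac_to_ips[mac])))
    return alerts

# Constructed sample capture (documentation addresses, locally administered MACs).
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE_FRAMES = [
    build_arp_reply(GW, "192.0.2.1", HOST, "192.0.2.10"),     # normal
    build_arp_reply(HOST, "192.0.2.10", GW, "192.0.2.1"),     # normal
    build_arp_reply(OTHER, "192.0.2.1", HOST, "192.0.2.10"),  # third MAC claims gateway IP
    build_arp_reply(OTHER, "192.0.2.10", GW, "192.0.2.1"),    # and the host's IP
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_FRAMES):
        print(alert)
```

Both signals also fire on legitimate events such as DHCP reassignment, failover pairs and proxy ARP, so they are best treated as leads to correlate with switch port data rather than as verdicts.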