Security Basics mailing list archives

RE: *warning* student question


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 20 Jan 2004 10:07:02 -0800


        Right, but how, by crafting packets on a remote system, could
you gain root access to a target system? My thought was that if the
target system was using an old style rlogin with the 'allowed' hosts
file set you could craft packets to try and gain root from that system,
though actually getting the receiving traffic would be harder unless you
spoof the IP/MAC.

        TCP Session hijacking allows you to take control of an existing
communications channel and subvert it. Unless this session could gain
you access to the target server then it wouldn't fit within Aaron's
example. Even then, protocols like SSH/SSL would prevent session
hijacking, possibly Telnet?

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
             (800) 325-1199 x338


-----Original Message-----
From: Karma [mailto:steve () frij com] 
Sent: Monday, January 19, 2004 11:36 PM
To: security-basics () securityfocus com
Subject: Re: *warning* student question

Just think that each TCP packet has a signature that says it belongs to
a session. Read up on what offsets of the packets represent what flags,
for example where is SYN or Sequence Number, Data, Length etc. When you
start understanding how these interact in a TCP session, all will fall
together in place.

If you can craft a packet, any packet, then you can use it to your
advantage, and assume yourself to be from another source IP, and assume
a live session etc.

A simple analogy, think of it as if you are hijacking an IM between user
A and B, you craft a packet using the credentials or what have you as
User B and start sending packets to user A.




----- Original Message ----- 
From: "Aaron Scribner" <awscrib () comcast net>
To: <security-basics () securityfocus com>
Sent: Tuesday, January 20, 2004 4:54 AM
Subject: *warning* student question


I have been lurking on this list for about 3 months now....and I am more
clueless now than when I signed up.

One day talking to my prof after a UNIX/TCP class, we started talking
about raw socket programming.  My prof introduced the idea of being able
to program with raw sockets to "hijack" a connection.  He presented this
to a buddy of mine and I as a self-study in the Network Lab.  Basically,
be able to get into a system without a trace and be able to receive the
packets back.  I know you can change the IP and MAC ID of the IP header,
but then you have to worry about the random CRC of IPv6 (and being on
this list and reading, I found out most routers will just drop invalid
packets).  I COMPLETELY have not a clue where to start.  I read whatever
I could get my hands on over the winter break, but I know nothing when
it comes to network security, just network communication through code.
I have a background in c/c++ and a couple years of game development
(then went back to school after the game flopped), so network security
is far from my specialty.

The point of this email, is this even possible to accomplish?  We have
another project that we can work on that we will be able to complete to
85% no problems.  Should we attempt to take on the "network hijacking"
project or just look at something else.  I do not need a solution to the
problem, as that would defeat the purpose of the class, just curious if
anyone has researched this or attempted to do it themselves.

Thanks for the bandwidth,

Aaron
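
The header offsets mentioned in the thread, plus the sequence-number check a
receiving TCP stack applies before it accepts a segment into a session, as an
added example that is not part of any of the posts above. The names
parse_tcp and seq_acceptable and the sample bytes are constructed for
illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed 20-byte TCP header (RFC 793); comments give each field's byte offset. */
struct tcp_fields {
    uint16_t src_port, dst_port; /* offsets 0 and 2 */
    uint32_t seq, ack;           /* offsets 4 and 8 */
    unsigned hdr_len;            /* offset 12, high nibble, converted to bytes */
    uint8_t flags;               /* offset 13: FIN 0x01, SYN 0x02, RST 0x04, PSH 0x08, ACK 0x10 */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Returns 0 on success, -1 if the buffer is short or the data offset is invalid. */
int parse_tcp(const uint8_t *buf, size_t len, struct tcp_fields *out) {
    if (len < 20) return -1;
    out->src_port = be16(buf);
    out->dst_port = be16(buf + 2);
    out->seq = be32(buf + 4);
    out->ack = be32(buf + 8);
    out->hdr_len = (unsigned)(buf[12] >> 4) * 4;
    out->flags = buf[13] & 0x3f;
    return (out->hdr_len < 20 || out->hdr_len > len) ? -1 : 0;
}

/* RFC 793 acceptability test: the receiver only takes a segment whose first or
   last byte lies in [rcv_nxt, rcv_nxt + rcv_wnd). Unsigned subtraction handles
   sequence-number wraparound. */
int seq_acceptable(uint32_t rcv_nxt, uint32_t rcv_wnd, uint32_t seq, uint32_t len) {
    if (rcv_wnd == 0) return len == 0 && seq == rcv_nxt;
    if ((uint32_t)(seq - rcv_nxt) < rcv_wnd) return 1;
    return len > 0 && (uint32_t)(seq + len - 1 - rcv_nxt) < rcv_wnd;
}

/* Constructed sample: ports 1023 -> 513, seq 0x1000, ack 0x2000, PSH|ACK,
   window 0x2000, checksum left as zero, 4 payload bytes. */
const uint8_t SAMPLE_SEGMENT[24] = {
    0x03, 0xff, 0x02, 0x01, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x20, 0x00,
    0x50, 0x18, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 'd', 'a', 't', 'a'};

int main(void) {
    struct tcp_fields f;
    if (parse_tcp(SAMPLE_SEGMENT, sizeof SAMPLE_SEGMENT, &f) != 0) return 1;
    uint32_t len = (uint32_t)(sizeof SAMPLE_SEGMENT - f.hdr_len);
    printf("seq=%u flags=0x%02x in-window=%d\n", (unsigned)f.seq, (unsigned)f.flags,
           seq_acceptable(0x1000, 0x2000, f.seq, len));
    return 0;
}
```

A segment is matched to a session by its address and port pair, and then has
to pass this window test, which is why a sender who cannot see the traffic
has to know the current sequence numbers.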


