Vulnerability Development mailing list archives

Re: forged packets?


From: fygrave () SCORPIONS NET (CyberPsychotic)
Date: Mon, 25 Oct 1999 08:58:02 +0600


~:
~:AFAIK, a local user (root?) on a linux system if running nmap is able
~:to perform decoy scans with the -D option.

Only root can run nmap in modes which use RAW_SOCK, or use pcap
library routines in any way. Basically, most nmap scans, except the
plain `connect' scan, require you to have uid|euid eq to 0.

Going back to this `vulnerability' in the linux kernel. That's quite true.
You can set your current tty discipline to ppp mode, assign the device a
random ip address and send IP datagrams via it. It would look like there's
a machine with such an IP address connected to the boxen which just
routes via it. I haven't managed to finish the exploit code yet (nor have I
seen any working one), but maybe I'll pull some work on it during the coming
weekend... if someone isn't quicker ;)

-Fyodor

--
* Some day this will be a full-fledged user tracking system..
- <linux/sched.h>
                        http://www.kalug.lug.net/fygrave/


