Vulnerability Development mailing list archives
Re: forged packets?
From: fygrave () SCORPIONS NET (CyberPsychotic)
Date: Mon, 25 Oct 1999 08:58:02 +0600
~:
~:AFAIK, a local user (root?) on a linux system if running nmap is able
~:to perform decoy scans with the -D option.

Only root could run nmap in modes which use RAW_SOCK, or utilize pcap library routines in any sort of way. Basically most nmap scans, except the plain `connect' scan, require you to have uid|euid eq to 0.

Going back to this `vulnerability' in the linux kernel. That's quite true. You can set your current tty discipline to ppp mode, assign the device a random ip address and send IP datagrams via it. It would look like there's a machine with such an IP address being connected to the boxen and just routing via it. I haven't managed yet to finish exploit code (neither have seen any working), but maybe pull some work on it during the coming weekend... if someone won't be quicker ;)

-Fyodor

--
* Some day this will be a full-fledged user tracking system.. - <linux/sched.h>
http://www.kalug.lug.net/fygrave/