Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ICMP spoofed source tunneling

from [fenfire] Network Security [Permanent Link]
Subject: Re: ICMP spoofed source tunneling
Date: Wed, 22 Sep 2004 12:33:50 +0200 
On Tue, Sep 21, 2004 at 08:55:04PM +0400, Max Tulyev wrote:

Let's imagine in Net a hacker having his source server(S), destination
server(D), and a ip-capable device - victim(V). S sends to V spoofed ICMP
echo request packet containing IP source address of D, and the data in
Payload.

When V receiving that packet, it sends ICMP echo-reply packet to D, AND
FORWARDS TO D ALL DATA IN PAYLOAD!


This could also be used by peer-to-peer networks to achieve sender
anonymity. (Of course you could also directly send UDP packets with forged
source addresses...)
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New whitepaper "The Phishing Guide", Gunter Ollmann (NGS)
Next by Date:  [Full-Disclosure] [ GLSA 200409-31 ] jabberd 1.x: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
Previous by Thread:  ICMP spoofed source tunneling, Max Tulyev
Next by Thread:  Re: ICMP spoofed source tunneling, Tim Newsham
Indexes:  [Date] [Thread] [Top] [All Lists]