Network Security: Detailed info on Re: ICMP spoofed source tunneling

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: ICMP spoofed source tunneling

from [Tim Newsham] Network Security

[Permanent Link]

Subject:	Re: ICMP spoofed source tunneling
Date:	Wed, 22 Sep 2004 10:06:40 -1000 (HST)

On Tue, Sep 21, 2004 at 08:55:04PM +0400, Max Tulyev wrote:

Let's imagine in Net a hacker having his source server(S), destination
server(D), and a ip-capable device - victim(V). S sends to V spoofed ICMP
echo request packet containing IP source address of D, and the data in
Payload.

When V receiving that packet, it sends ICMP echo-reply packet to D, AND
FORWARDS TO D ALL DATA IN PAYLOAD!


This could also be used by peer-to-peer networks to achieve sender
anonymity. (Of course you could also directly send UDP packets with forged
source addresses...)


How does this give anonymity?  When sending to the server, I must
use the servers address as a source address.  When the server replies
to me, it must use my address as a source address.  Maybe the two
addresses dont appear in the same packet at the same time, but they're
there.  This might fool a few people when used a few times, but it
will hardly fool everyone when it is in widespread use.

Tim N.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
ICMP spoofed source tunneling, Max Tulyev Re: ICMP spoofed source tunneling, fenfire Re: ICMP spoofed source tunneling, Tim Newsham <= Re: ICMP spoofed source tunneling, fenfire Re: ICMP spoofed source tunneling, Calum Re: ICMP spoofed source tunneling, sin Re: ICMP spoofed source tunneling, Dave Paris Re: ICMP spoofed source tunneling, raiblehugo

Previous by Date:	RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jaeson Schultz
Next by Date:	Re: Microsoft's GDI Detetection Tool faults, John Bissell
Previous by Thread:	Re: ICMP spoofed source tunneling, fenfire
Next by Thread:	Re: ICMP spoofed source tunneling, fenfire
Indexes:	[Date] [Thread] [Top] [All Lists]