Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Any way to automatically change arbitrary headers of IP packets on-t

from [DJ Ether] Network Security [Permanent Link]
Subject: Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?
Date: Wed, 13 Apr 2005 16:50:14 -0400
Perhaps this tool will help you. I wrote it a long time ago. It allows you to create any type of ipv4 packet and send them off at high speeds. You can customize most parts of the IP and overlying protocol headers.
It's called `rain` and I believe it is in many ports on various distros, but here is a version I never publically released (well until this list):

http://www.ethericmist.net/files/rain-1.2.8r4.tar.gz

md5sum: a06b4eef3b4635de47d82aba0064187f

Hope you find it useful.

_e

João Paulo Caldas Campello wrote:

Hi,

  Does anybody know any userland tool, Linux kernel module,
iptables/netfilter module, or whatever mechanism to change arbitrary
headers of IP packets on-the-fly as long as they traverse the IP
stack? Is there any known paper regarding this subject?

  The whole story is that I'm doing some research and lab tests on
semi-blind IP spoofing (i.e. Loose/Strict IP Source Routing) on
borders routers and firewalls, so I need an easy way to alter the "IP
Options" fields of IP packets to test if the routers/firewalls are
vulnerable to IP spoofing (e.g. not doing ingress filtering) in
conjunction with source routing techniques.

  Yes, I know most modern firewalls should just drop IP Options
flagged packets, but not all firewalls do that with default
configurations.

  Sure I can construct raw IP packets with the proper IP Options
fields set on, but I'm also doing sort of a penetration test so I need
a way to automate this task as the packets traverse the stack. This
way I could still use well-known and proven penetration test tools
such as port and vulnerability scanners, web spiders, and so on.

  I've already read Netfilter documentation (specially the "Linux
netfilter Hacking HOWTO") so I know this kind of packet mangling can
be done in userspace. I thought it could be done in the "MANGLE" table
of netfilter, but I found no TARGET that achieves that nor any
documentation about altering arbitrary IP headers.

The question is:

  - Does already exist such a tool, module or whatever way to change
arbitrary headers of IP packets on-the-fly or will I have to (try to)
write one? =)

Cheers,

João Paulo Campello,
Network Security Analyst,
Tempest Security Technologies.




[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?, Foundation Linux
Next by Date:  Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?, Valdis . Kletnieks
Previous by Thread:  Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?, Foundation Linux
Next by Thread:  Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]