mailing list archives
Re: Smurf ,land attacks
From: j mattox <security () wirerats org>
Date: 12 Nov 2002 11:50:51 -0000
In-Reply-To: <001c01c2882c$53eec250$0f64640a () packeteye com>
I believe that this can be done with tools such as dsniff. In =
attack which uses ICMP protocol can easily be spoofed simply by writing =
small script. For example, using ping alone you can do the following =
using the dummy module for linux:
/sbin/insmod -o dummy /lib/modules/[kernel
/sbin/ifconfig dummy up 10.10.10.10 ( or any address)
ping -I 10.10.10.10 [hostname to send packets to] -P [packetsize]
It will send a custom packetsize to the specified hostname. Keep in =
this is strictly for ICMP traffic.
Hope this helps!
Wirerats Network Security, Inc.
My question is this: how does an attacker accomplish modifying a packet
sending it; such as in a land.c attack - how does he modify the packet to
reflect the victim's source and destination IP and then send it onto the
From: Fuchs Bernhard [mailto:Bernhard.Fuchs () itellium com]
Sent: Tuesday, November 05, 2002 5:58 AM
To: 'vijay vikram shreenivos'; security-basics () securityfocus com
Subject: AW: Smurf ,land attacks
with "IP spoofing" you give a different source address to the packet. the
address is different to your real address. You do this for cloaking your
scan or if company A scans company B and spoofes the address of company
so company b thinks it is company c scanning them! o.k.? but company a
not get any results back! this is mostly to cloak your own scan.
Smurf is a DoS-Attack (denial of service)
You Amplifi your ping through a big network. You ping a subnet like
x.x.x.255 with an SPOOFED IP-Adress and every computer on that big net
responses to the poor little machine that has the IP-Adress. Think of
B subnet with a few hosts reply to a ADSL connected machine... 1500kb
download and 196 kb upload :-)
land attack is a TCP SYN packet that has the ip address and port number
the source set to the same as the ip address and port number for the
destination. the server connects to itself.
by the way, google knows it too :-)
Mit freundlichen Grüßen/ sincerely yours
Systems & Services GmbH
Fürther Straße 205
mailto:bernhard.fuchs () itellium com
This email is confidential. If you are not the intended recipient, you
not disclose or use the information contained in it. If you have received
this mail in error, please tell us immediately by return email and delete
the document. E-mails to and from the company are monitored for
reasons and in accordance with lawful business practices. The contents of
this email are those of the individual and do not necessarily represent
views of the company. The company accepts no responsibility once an e-
and any attachments is sent.
Von: vijay vikram shreenivos [mailto:karpagamekapali () rediffmail com]
Gesendet: Samstag, 2. November 2002 08:15
An: security-basics () securityfocus com
Betreff: Smurf ,land attacks
Can someone give the EXACT differences btw
and IP soofing attacks.
Give your Company an email address like
ravi @ ravi-exports.com. Sign up for Rediffmail Pro today!
Know more. http://www.rediffmailpro.com/signup/