Security Basics mailing list archives

RE: *warning* student question


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Mon, 19 Jan 2004 17:01:08 -0800


        You could hijack a socket on a system to capture traffic
intended for another session/program on the same system; think of this
like old shared computer session hacking, but instead of taking over
their shell session you're taking over their network socket. The CRC of
an IP header is a hash of the payload of the packet and is not random,
last time I checked, or am I missing something?

        Can this be done remotely? No. You would need to gain access to
the target system and compromise the kernel of that system to place
your 'redirect' code, or run a program on top of the kernel that would
sit between the socket and kernel. Unless there is a glaring exploit,
just attacking the sockets will not gain any sizable benefit
(exceptions: DoS attacks, SYN floods, etc.). To program the socket, you
need access to the system; you can't remotely program a socket without
access in one way, shape or form to the target system and thus the
backend programming for that socket.

        Ask your professor for a proof of concept. A properly configured
router will drop invalid packets, but so will a properly configured
switch. IDS will immediately flag traffic with bad checksums or bad
ARPs. Port security will deactivate a port which tries to spoof a used
IP address. Systems will also drop TCP packets with bad checksums. You
need to have access to your TCP stack on your system to do almost any
kind of complex hack; that's why *NIX/BSD is popular for hacking. Is that
what your professor is inferring?

        Do you have any more information? What type of attack are you
trying to do? Are you trying to modify the target system's sockets/TCP
stack or a MiM system? What is the overall goal of the attack: gain
information, gain root, down the system, etc.? Receive the packets back
from where?

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521

www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
             (800) 325-1199 x338


-----Original Message-----
From: Aaron Scribner [mailto:awscrib () comcast net] 
Sent: Monday, January 19, 2004 9:55 AM
To: security-basics () securityfocus com
Subject: *warning* student question

I have been lurking on this list for about 3 months now.... and I am more
clueless now than when I signed up.

One day talking to my prof after a UNIX/TCP class, we started talking
about raw socket programming. My prof introduced the idea of being able
to program with raw sockets to "hijack" a connection. He presented this
to a buddy of mine and me as a self-study in the Network Lab. Basically,
be able to get into a system without a trace and be able to receive the
packets back. I know you can change the IP and MAC ID of the IP header,
but then you have to worry about the random CRC of IPv6 (and being on
this list and reading, I found out most routers will just drop invalid
packets). I COMPLETELY have not a clue where to start. I read whatever I
could get my hands on over the winter break, but I know nothing when it
comes to network security, just network communication through code. I
have a background in c/c++ and a couple years of game development (then
went back to school after the game flopped), so network security is far
from my specialty.

The point of this email: is this even possible to accomplish? We have
another project that we can work on that we will be able to complete to
85% no problems. Should we attempt to take on the "network hijacking"
project or just look at something else? I do not need a solution to the
problem, as that would defeat the purpose of the class, just curious if
anyone has researched this or attempted to do it themselves.

Thanks for the bandwidth,

Aaron
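
The IP header checksum that both messages in this thread mention is not random. As an added example (not code from either poster), here is a C routine that computes and verifies the RFC 791 IPv4 header checksum over a constructed 20-byte header, then shows that a header whose source address was changed without recomputing the checksum fails validation, which is why a receiving stack or router drops it. (IPv6 carries no header checksum at all; TCP and UDP over IPv6 checksum their own segment plus a pseudo-header.)

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 791 header checksum: one's-complement sum of the header's 16-bit words
 * (the checksum field counted as zero), complemented. Deterministic, not random. */
static uint16_t ipv4_header_checksum(const uint8_t *hdr, size_t ihl_bytes)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < ihl_bytes; i += 2) {
        if (i == 10) continue;          /* bytes 10-11 hold the checksum */
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    }
    while (sum >> 16)                   /* fold carries back into 16 bits */
        sum = (sum & 0xFFFFu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* What a receiving stack does: check version and IHL, then compare the stored
 * checksum with a recomputation. Returns 1 if the header is valid, else 0. */
static int ipv4_header_valid(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;   /* header length, 20..60 bytes */
    if (ihl < 20 || ihl > len) return 0;
    uint16_t stored = (uint16_t)((pkt[10] << 8) | pkt[11]);
    return ipv4_header_checksum(pkt, ihl) == stored;
}

/* Constructed sample: 20-byte IPv4 header (UDP, 192.168.0.1 -> 192.168.0.199,
 * total length 0x73) carrying its correct checksum 0xB861 at bytes 10-11. */
static const uint8_t kHeader[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xB8, 0x61, 0xC0, 0xA8, 0x00, 0x01, 0xC0, 0xA8, 0x00, 0xC7
};
/* Change the source address in a copy without recomputing the checksum and
 * report whether a receiver would still accept it (it will not: returns 0). */
static int tampered_header_accepted(void)
{
    uint8_t copy[20];
    memcpy(copy, kHeader, sizeof copy);
    copy[15] = 0x02;                    /* source becomes 192.168.0.2 */
    return ipv4_header_valid(copy, sizeof copy);
}
int main(void)
{
    printf("valid %d, tampered accepted %d\n", ipv4_header_valid(kHeader, 20),
           tampered_header_accepted());
    return 0;
}
```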

