Security Basics mailing list archives
RE: *warning* student question
From: "Mark Kovacic" <Mark.Kovacic () barrsystems com>
Date: Tue, 20 Jan 2004 13:19:29 -0500
What option is this supposed CRC or hash supposed to be? I have the RFCs in front of me and I am hunting for any mention of such a field. It isn't one of the standard fields, so it must be an optional one.

Mark Kovacic, Senior Systems Programmer
Barr Systems, Inc.
www.barrsystems.com
352-491-3100
Mark.Kovacic () barrsystems com

-----Original Message-----
From: Aaron Scribner [mailto:awscrib () comcast net]
Sent: Tuesday, January 20, 2004 11:44 AM
To: security-basics () securityfocus com
Subject: RE: *warning* student question
You could hijack a socket on a system to capture traffic intended for another session/program on the same system. Think of this like old shared-computer session hacking, but instead of taking over their shell session you're taking over their network socket. The CRC of an IP header is a hash of the payload of the packet and is not random, last time I checked, or am I missing something?

I thought I read something about IPv6 having randomly generated CRCs for packet checking, from my understanding of what was discussed. The two systems talking to each other know the "key" and the CRC is not in a straight sequence.
Can this be done remotely? No. You would need to gain access to the target system and compromise the kernel of that system to place your 'redirect' code, or run a program on top of the kernel that would sit between the socket and kernel. Unless there is a glaring exploit, just attacking the sockets will not gain any sizable benefit (exception: DoS attacks, SYN floods, etc.). To program the socket, you need access to the system; you can't remotely program a socket without access in one way, shape or form to the target system and thus the backend programming for that socket.
Ask your professor for a proof of concept. A properly configured router will drop invalid packets, but so will a properly configured switch. IDS will immediately flag traffic with bad checksums or bad ARPs. Port security will deactivate a port which tries to spoof a used IP address. Systems will also drop TCP packets with bad checksums. You need to have access to your TCP stack on your system to do almost any kind of complex hack; that's why *NIX/BSD is popular for hacking. Is that what your professor is inferring?
He is wanting us to be able to root the target, but do it by IP spoofing and generating the IP headers ourselves. It is supposed to be a programming experiment, but it seems as if there is a lot more involved than just generating our own packets, which is quite simple. Now being able to do anything with those packets in the "real world", that is a completely different ball game.
Do you have any more information? What type of attack are you trying to do? Are you trying to modify the target system's sockets/TCP stack, or a MiM system? What is the overall goal of the attack: gain information, gain root, down the system, etc.? Receive the packets back from where?
He is wanting us to receive the packets back at the location we are attacking from. I am going to talk to him about changing the project. I have senioritis, am taking 20 hours and want to do something fun. Not saying this would be fun, but the other project uses OpenGL, if you catch my drift =). Many thanks for the insight and your time on this subject, but I would be asking way too many questions trying to get this accomplished. I have never hacked anything and I do not ever foresee myself hacking into a system, unless I get into network security like you guys.

Thanks again,
Aaron "clueless about network security" Scribner
Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
(800) 325-1199 x338
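For the "generate the IP headers ourselves" part of the project discussed above, here is an added example (not code from anyone in the thread) that builds a raw IPv4 header and a TCP SYN with the checksums the receiving stack actually verifies. The IPv4 header checksum (RFC 791/1071) is a one's-complement sum over the 20-byte header only, not the payload, and it is fully deterministic; the TCP checksum covers a pseudo-header that includes the source address, so a spoofed source changes both values. IPv6 has no header checksum at all. The addresses and ports are made-up inputs; sending the resulting bytes would still need a raw socket, which is where the "receive the packets back" problem starts, since replies go to the spoofed address.

```python
"""Hand-built IPv4 + TCP SYN headers with valid checksums (added example)."""
import socket
import struct


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, inverted (RFC 1071).
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=6, ttl=64, ident=0, df=False):
    """20-byte IPv4 header without options. The checksum covers ONLY these bytes."""
    frag = 0x4000 if df else 0                # DF flag, fragment offset 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, frag,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = rfc1071_checksum(hdr)              # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def ipv4_header_checksum(hdr: bytes) -> int:
    return struct.unpack("!H", hdr[10:12])[0]


def ipv4_header_ok(hdr: bytes) -> bool:
    """What a router or host does on receipt: re-sum the header, expect zero."""
    ihl = (hdr[0] & 0x0F) * 4
    return rfc1071_checksum(hdr[:ihl]) == 0


def tcp_pseudo_header(src, dst, tcp_len):
    # src, dst, zero, protocol (6 = TCP), TCP length; part of the TCP checksum
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)


def build_tcp_syn(src, dst, sport, dport, seq=0, window=65535):
    """Minimal 20-byte SYN. The pseudo-header ties the checksum to the IP addresses,
    so a spoofed source address changes this checksum as well as the IP one."""
    offset_flags = (5 << 12) | 0x02           # data offset 5 words, SYN flag set
    seg = struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, window, 0, 0)
    csum = rfc1071_checksum(tcp_pseudo_header(src, dst, len(seg)) + seg)
    return seg[:16] + struct.pack("!H", csum) + seg[18:]


def tcp_segment_ok(src, dst, seg: bytes) -> bool:
    return rfc1071_checksum(tcp_pseudo_header(src, dst, len(seg)) + seg) == 0


def build_spoofed_syn(spoofed_src, dst, sport, dport) -> bytes:
    """Full IPv4 packet carrying a SYN that claims to come from spoofed_src."""
    tcp = build_tcp_syn(spoofed_src, dst, sport, dport)
    return build_ipv4_header(spoofed_src, dst, len(tcp)) + tcp


if __name__ == "__main__":
    # Made-up addresses; printing the bytes only, nothing is sent.
    pkt = build_spoofed_syn("10.0.0.1", "10.0.0.2", 40000, 80)
    print(pkt.hex())
    print("ip ok:", ipv4_header_ok(pkt[:20]),
          "tcp ok:", tcp_segment_ok("10.0.0.1", "10.0.0.2", pkt[20:]))
```

The only "key" involved is the set of header fields themselves: anyone who can see or guess them can produce a valid checksum, which is why a bad checksum tells an IDS that something is malformed but a good one proves nothing about who sent the packet.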
Current thread:
- RE: *warning* student question Shawn Jackson (Jan 20)
- RE: *warning* student question Aaron Scribner (Jan 20)
- Re: *warning* student question Dale Fay (Jan 20)
- <Possible follow-ups>
- RE: *warning* student question Shawn Jackson (Jan 20)
- RE: *warning* student question Mark Kovacic (Jan 20)
- RE: *warning* student question Aaron Scribner (Jan 20)
