I was scanning a network I have access to (legit), and saw a few 'interesting' packets, and was curious, is there a program one can use to edit packets, so to speak, and change what computer it says the packet is coming from?
Printable View
I was scanning a network I have access to (legit), and saw a few 'interesting' packets, and was curious, is there a program one can use to edit packets, so to speak, and change what computer it says the packet is coming from?
Not sure of a program, but this is more or less the definition of spoofing.
Heard of the tearm and know what it is, how would I prevent it, or learn how to do it, so I can figure out how to prevent it? The best way to prevent something is to learn how to do it yourself.:cool:
Really? Do you write your own viruses and spyware too, or do you just slap some protection software on there. The argument that one must learn how to do something to prevent it is just regurgitated dogma.Quote:
Heard of the tearm and know what it is, how would I prevent it, or learn how to do it, so I can figure out how to prevent it? The best way to prevent something is to learn how to do it yourself.
- Let's go fight a war so we can learn how to prevent it.
- Let's screw the prom queen so we can learn how to prevent teen sex.
- Shoot heroin in my arm so I can learn how to stop drug abuse.
Most software already prevents it for you, and those that don't are patched so they do, until someone figures out how to circumvent it, then the software needs to be updated again, and round and round we go. If you want to learn how to prevent it, then understand where the flaws lie in the applications, and how they are exploited. Understand the motivation of skiddies and malicious coders.
If you want to study how they work in order to recognize the behaviors, then that is another story all together. Those skills are useful in Incident Response or Computer Forensics. If you want to study how it can be done in order to be able to conduct effective pen testing or vulnerability assessment, than that too is another matter. Understanding how something works is not the same as learning how to do it.
Better yet, learn about an OS, any OS, TCP/IP, read any of the RFC's. If you understand those things, then there is no real need to know how to facilitate an attack. If you understand, then you will be able to prevent those things.
Now you'll have to excuse me. I'm on a mission to prevent alcoholism, so I am going to get s**t-faced. :p
I think its a perfectly legit argument, not valid in the instances you use, because it is pointless things, not ones of critcal importance, although, screwing the prom queen isn't a bad idea.... :D
Who would you rather have secure your computer against hackers, a profesional hacker, such as a certified ethical hacker, a goal I hope to eventually reach, or a security profesional?
The security profesional knows what programs and policies to set to secure the computer. The hacker knows how to break into your computer, and therefore, how to fix the hole.
Who would you rather have protect your house against burgaries, like in the show It takes a thief, an ex-theif, or someone who secures homes as a profession, I gotta go at the moment, but if you insist, i will prove my point when I have time.
My money would be on the security professional, as that is a much more balanced and comprehensive skillset.
Hackers are inevitably limited and blinkered due to the single-mindedness of their objectives. Also, their knowledge is very perishable due to the patches that groovicus has mentioned.
:)
wait...so I shouldnt shoot up heroin to learn to prevent drug abuse?
Yup, I've seen threads like this before. I know how you can prove your point. HaCk yOuR ScHoOlS AdMiN PaSsWoRd. Then log into the system and give all your buddies straight A's. After you're expelled, get a job in the security field and post to the AO community with your new job credentials.Quote:
Originally posted here by LaoTzu
Who would you rather have protect your house against burgaries, like in the show It takes a thief, an ex-theif, or someone who secures homes as a profession, I gotta go at the moment, but if you insist, i will prove my point when I have time.
Ok, you got me. Understanding teen sex and drug addiction are indeed pointless. I'm sure all the sociologists, scientists, and psychologists who have made careers out of studying that sort of thing will be comforted to know that their life's work is pointless.
No. At worst, they may know a couple of different ways to exploit a system by hand. At best, they know how to run a suite of tools to find the vulnerabilities. And keep in mind that vulnerability testing and pen testing are two very different things. And what is the so called hacker going to do when he/she finds a vulnerability? Are they going to rewrite your OS or application for you, or are they going to tell you to patch your system? I'll vote for the latter. In the case of the former, the reason they don't have to depend on the tools is that they understand the OS.Quote:
The hacker knows how to break into your computer, and therefore, how to fix the hole.
That argument is not valid. You are implying that only two kinds of people know how to secure a house. I would contend that architects, engineers, insurance adjusters, and building inspectors know quite a lot about home security also.Quote:
Who would you rather have protect your house against burgaries, like in the show It takes a thief, an ex-theif, or someone who secures homes as a profession
Hope you have lots of time :)Quote:
i will prove my point when I have time.
Does this mean I'm fully qualified to prevent teen sex?
Quote:
Who would you rather have secure your computer against hackers, a profesional hacker, such as a certified ethical hacker, a goal I hope to eventually reach, or a security profesional?
The security profesional knows what programs and policies to set to secure the computer. The hacker knows how to break into your computer, and therefore, how to fix the hole.
Who would you rather have protect your house against burgaries, like in the show It takes a thief, an ex-theif, or someone who secures homes as a profession, I gotta go at the moment, but if you insist, i will prove my point when I have time
thats the biggest load of crap ever. Have you seen the show "it takes a theif" most of those people dont even lock their doors. Its easy to tell somone what they need to do to secure a home. and all they do is put better locks and have the people use them, big deal that does not take a genius it takes common sense.
a computer is the same. a "ethical hacker" probably wont be better than a security professional. Most "hackers" area bunch of script kiddies who dont know why their tools work, or why exploits are there, or why the vulnerabilities give them access to things. A good security professional will know these things. It takes a deeper understanding to secure something than it does to break it. and most "hackers" dont take the time to get that understanding, becasue they are in it for that "hollywood hacker" profile. Not the true sense of wanting to learn and make things better. I would take a good security professional over a "ethical hacker" anyday. and I would much perfer somone who earns their living by securing houses to do mine then I would a former theif. The security pro doesnt make a living if he isnt good, the theif will be able to point out the flaws but can they really fix them.
think of it this way. If I drop a bomb on a bank and it cracks their vault open, I just broke into. I have no idea how to make that vault stronger, becasue thats not what i do, but I sure know how to break it.
Absolutely... but get to the back of the line..Quote:
Err... that is if I was young enough... They'd slap the cuffs on me real quick like.
Unless... I can find the prom queen from when I was in high school...
/me runs off to Google
Oh yeah... back on topic. Yes, you can "craft" your own packets.
Look into a tool such as hping (thehorse has done tutorials on it).
http://www.hping.org/
You can also look into something like engage packet builder.
http://www.engagesecurity.com/produc...packetbuilder/
usually when you "sniff" a network your in promiscious mode (forget about the prom queen). this means the packet your looking at has already been received by the intended computer unless you have already instituted a man in the middle attack.
You can (as Phish has pointed out ) craft your own packets using things like "packetcrafter" (win32) or hping (*nix)which is included on the "Audit" bootable CD
All the time in the world....Quote:
Originally posted here by groovicus
Ok, you got me. Understanding teen sex and drug addiction are indeed pointless. I'm sure all the sociologists, scientists, and psychologists who have made careers out of studying that sort of thing will be comforted to know that their life's work is pointless.
No. At worst, they may know a couple of different ways to exploit a system by hand. At best, they know how to run a suite of tools to find the vulnerabilities. And keep in mind that vulnerability testing and pen testing are two very different things. And what is the so called hacker going to do when he/she finds a vulnerability? Are they going to rewrite your OS or application for you, or are they going to tell you to patch your system? I'll vote for the latter. In the case of the former, the reason they don't have to depend on the tools is that they understand the OS.
That argument is not valid. You are implying that only two kinds of people know how to secure a house. I would contend that architects, engineers, insurance adjusters, and building inspectors know quite a lot about home security also.
Hope you have lots of time :)
Pointless in the way that you put them, of course they are important subjects of study, in order to understand people, and how to prevent them, but that was obviously not what I was reffering to, I never said that this was a universal rule, that applied to all subjects. I obviously was reffering to security, not teen sex, drugs, hence the fact that I didn't use teen sex and drugs as my examples...:rolleyes:
Of course, there are more than that, that is obvious, but beyond the point, and of course, not all hackers can secrue the holes they exploit. But, in my opinion, I would prefer a trained network admin who also know how to hack. Know your enemy, think like your enemy, be your enemy. You have to use their own techniques to learn how they get in if you want to stop them. Being a[good] hacker, one knows what network admins know
Any good hacker, doesn't have to use programs, and does know the OS. I'll say in all honesty, yes I am a hacker, but, it is one of the best ways to learn about computers, the OS, and securing your network and computer. Many of the exploits I found, and the ones I read about, are stuff most network admins and computer gurus don't know or think about. I have unlocked locked down networks for teachers, and logged into computers that were totaly logged out(admin and everyone), using nothing more than my understanding of the OS, any other network technition, would have no other choice than to reload the computer, or network, due to lack of this knowledge. That is why I say, I would rather have a hacker like me, who know both, as a network technition, as opposed to someone who is just a regular network technition.
For Tedob1, and phishphreek80, thanks, thats what I was wanting to know (at least some people here don't start pointless arguments...*cough*groovicus*cough*...ask a simple question, and you start arguing...)
And any "good hacker" ...*cough*LaoTzu *cough*... doesn't boast about they’re knowledge. They don’t brag, defend themselves or try to show that they are superior to other people.
actually yes, many of them do. Many great thinker in histroy strive to be the best, and to show they are the best. They have a need ot be better than aeveryone else and many times succeed in being very good at something.Quote:
And any "good hacker" ...*cough*LaoTzu *cough*... doesn't boast about they’re knowledge. They don’t brag, defend themselves or try to show that they are superior to other people.