
Thread: Rerouting/Replaying/Hijacking Question (Educational Info)

  1. #1

    I'm working on my CCSP and I'm learning how to prevent rerouting/replay/hijack attacks. My question is... I'm wondering if anyone knows HOW to construct these types of attacks? Many tutorials or books I have read give info on these types of attacks, but don't go into enough detail to actually carry them out. And the tutorials that do cover this area just ramble on about skiddie progs. I would like to learn how to construct packets with data to change a routing table or how to properly hijack a TCP/IP session. I do have a good understanding of the TCP/IP protocol stack and sniffing networks so I don't need a beginner's guide.

    And please don't point me to script kiddie progs and I already know the "Hacking Exposed" definition. So, if anyone is willing to point me towards a good tutorial or book please let me know. Actually any help would be greatly appreciated.

    Thanks,
    Trench

  2. #2
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Hrmm... I sorta pondered this. I sent you a PM with some suggestions but thought I'd post more here. Exactly how detailed do you want to go?

    I found a few options that might help you:
    http://www.insecure.org/stf/iphijack.txt
    http://ouah.kernsh.org/mitmbrief.htm
    http://staff.washington.edu/dittrich...ec/hijack.html (the links at the top might be of use)

    Usually when I look for papers I start at one of two places: SANS Reading Room and Google. SANS might be another location to get some details from.

    [edit]Oh.. I just thought of something. I think it was in Northcutt's Intrusion Detection Analysis book. I think that's where I first got one of the better definitions of hijacking. I read the 1st edition cover to cover (wasn't hard at 200 pages) but I do distinctly remember it. I've also read the 2nd and the 3rd is on the to-read list. That might be worthwhile checking out. Look at the chapter on Mitnick.[/edit]
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head

  3. #3
    Great, thanks for the info. I'll start with these suggestions and I'll have to check out that book.

    And to answer your question on how in depth I want to go... I want to get down to constructing the packets. I know this type of attack isn't very popular because you need to be in between the communicating parties, but by learning how to do it I will have a better understanding of networking and TCP/IP in general.

    Again, thanks.
    Trench

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    You should probably work with some programs like Hunt or Juggernaut to actually perform a session hijacking attack. For replaying you can use TCP Replay. Then when you successfully pull off some of those you can use some of the other tools for packet injection. I hope you have a very solid knowledge of how packets are constructed because you are going to need it. Good luck.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    I don't know what your OS/computer situation is, but if you're game for trying a BSD, and have a spare PC, then I'd recommend installing FreeBSD on it. In the security ports collection (/usr/ports/security) and the networking ports collection (/usr/ports/net) you'll find a number of these kinds of 'testing/auditing' tools. Just a suggestion. The articles and tools mentioned by MsMittens and sysmin770 are something you should definitely explore however.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/
