November 11th, 2003, 09:22 PM
Rerouting/Replaying/Hijacking Question (Educational Info)
I'm working on my CCSP and I'm learning how to prevent rerouting/replay/hijack attacks. My question is... I'm wondering if anyone knows HOW to construct these types of attacks? Many tutorials or books I have read give info on these types of attacks, but don't go into enough detail to actually carry them out. And the tutorials that do cover this area just ramble on about skiddie progs. I would like to learn how to construct packets with data to change a routing table or how to properly hijack a TCP/IP session. I do have a good understanding of the TCP/IP protocol stack and sniffing networks so I don't need a beginner's guide.
And please don't point me to script kiddie progs and I already know the "Hacking Exposed" definition. So, if anyone is willing to point me towards a good tutorial or book please let me know. Actually any help would be greatly appreciated.
November 11th, 2003, 10:43 PM
Hrmm... I sorta pondered this. I sent you a PM with some suggestions but thought I'd post more here. Exactly how detailed do you want to go?
I found a few options that might help you:
http://staff.washington.edu/dittrich...ec/hijack.html (the links at the top might be of use)
Usually when I look for papers I start at one of two places: SANS Reading Room and Google. SANS might be another location to get some details from.
Oh.. I just thought of something. I think it was in Northcutt's Intrusion Detection Analysis book. I think that's where I first got one of the better definitions of hijacking. I read the 1st edition cover to cover (wasn't hard at 200 pages) but I do distinctly remember it. I've also read the 2nd and the 3rd is on the to-read list. That might be worthwhile checking out. Look at the chapter on Mitnick.
November 12th, 2003, 11:07 PM
Great, thanks for the info. I'll start with these suggestions and I'll have to check out that book.
And to answer your question on how in depth I want to go... I want to get down to constructing the packets. I know this type of attack isn't very popular because you need to be in between the communicating parties, but by learning how to do it I will have a better understanding of networking and TCP/IP in general.
November 13th, 2003, 01:34 AM
You should probably work with some programs like Hunt or Juggernaut to actually perform a session hijacking attack. For replaying you can use TCP Replay. Then when you successfully pull off some of those you can use some of the other tools for packet injection. I hope you have a very solid knowledge of how packets are constructed because you are going to need it. Good luck.
November 13th, 2003, 09:43 AM
I don't know what your OS/computer situation is, but if you're game for trying a BSD, and have a spare PC, then I'd recommend installing FreeBSD on it. In the security ports collection (/usr/ports/security) and the networking ports collection (/usr/ports/net) you'll find a number of these kinds of 'testing/auditing' tools. Just a suggestion. The articles and tools mentioned by MsMittens and sysmin770 are something you should definitely explore, however.