Packet Spoofing
Thread: Packet Spoofing

  1. #1
    Member
    Join Date
    Sep 2003
    Posts
    69

    Packet Spoofing

    OK, here's my problem: in about a week or so, me and a group of friends (about 10 of us) are having a wargame over a LAN. I was wondering if anyone knew where I could get a program for Linux, pref. RH or Mandrake, to spoof the returning packets of pings etc. so it makes my Linux machine look like an insecure windoez box.

  2. #2
    Member
    Join Date
    Dec 2003
    Posts
    31
    Well, I know that nmap uses some things like the TTL of packets and other stuff like that for OS fingerprints, but how to change that in Linux, I don't know. You can check in the nmap docs and Google what it really checks for OS fingerprinting and then look if you can change that on Linux? OK, I wasn't really useful, I'm just a newbie :P If you find something, tell me. Maybe you can use netcat to emulate some Windows services too?

    Some links I found :
    http://www.insecure.org/nmap/nmap-fi...g-article.html
    http://infosecuritymag.techtarget.co...l/logoff.shtml
    http://cert.uni-stuttgart.de/archive.../msg00195.html
    (I didn't check those, so maybe they suck, but some of those websites are well known)

    So you might want to check on Google for:
    packet forging
    OS fingerprinting
    etc.

    Spoofing is the process of changing your IP in the packet, I think. Can someone clarify that?

    Hope this helps
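
An added example (not part of the thread or any poster's code): the TTL check mentioned in post #2, seen from the observer's side. It guesses an OS family from TTLs in constructed tcpdump-style lines and flags a source whose TTLs disagree; the initial-TTL table, the sample lines and the function names are assumptions, and real fingerprinting such as nmap's combines many more tests than TTL.

```python
import re
from collections import defaultdict

# Common initial TTL values; the family labels are rough conventions, not proof.
INITIAL_TTLS = {64: "Linux/Unix-like", 128: "Windows", 255: "network device/Solaris"}

# Constructed sample lines in the style of `tcpdump -nv` output (not real traffic).
SAMPLE = """\
IP (tos 0x0, ttl 64, id 4411, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.5.40122 > 10.0.0.9.80: Flags [S], win 29200
IP (tos 0x0, ttl 128, id 911, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.7.1045 > 10.0.0.9.80: Flags [S], win 65535
IP (tos 0x0, ttl 126, id 77, offset 0, flags [none], proto ICMP (1), length 60) 192.168.3.20 > 10.0.0.9: ICMP echo request, id 1, seq 1, length 40
IP (tos 0x0, ttl 128, id 5001, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.5.40130 > 10.0.0.9.80: Flags [S], win 29200
"""

# Captures the TTL and the source IPv4 address (a trailing .port is skipped).
LINE_RE = re.compile(r"ttl (\d+),.*?\) (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > ")


def infer_initial_ttl(observed):
    """Return (smallest common initial TTL >= observed, implied hop count)."""
    for initial in sorted(INITIAL_TTLS):
        if observed <= initial:
            return initial, initial - observed
    raise ValueError(f"TTL out of range: {observed}")


def profile_hosts(text):
    """Map source IP -> (sorted OS-family guesses, True if all packets agree)."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            initial, _hops = infer_initial_ttl(int(m.group(1)))
            seen[m.group(2)].add(INITIAL_TTLS[initial])
    return {ip: (sorted(fams), len(fams) == 1) for ip, fams in seen.items()}


if __name__ == "__main__":
    for ip, (families, consistent) in profile_hosts(SAMPLE).items():
        note = "" if consistent else "  <- TTL families disagree"
        print(f"{ip}: {', '.join(families)}{note}")
```

A source that shows two TTL families, like 10.0.0.5 in the sample, is a hint that the TTL was changed or that packets from more than one machine carry that address.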

  3. #3
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    Use a Honeypot.....you would simply need to configure it to "look" like a Windows box......
    "It is a shame that stupidity is not painful" - Anton LaVey

  4. #4
    Member
    Join Date
    Sep 2003
    Posts
    69
    You got any good honeypot links?

  5. #5
    Member
    Join Date
    Dec 2003
    Posts
    31
    http://project.honeynet.org/ is a good start.
    Search for Honeypot and Honeynet on Google and on this forum; you'll find useful information.

  6. #6
    Junior Member
    Join Date
    Aug 2003
    Posts
    12
    A Tarpit would be even better. Not only does it simulate a box, it traps the attacker's connection.

    Rob

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Or, for extra special value, run a Windows install inside vmware (or NT4 in bochs if you're very patient), and set it up really insecure.

    Firewall it (on the Linux box) so that it can't be used for egress, and watch as they own it and believe they've won

    Slarty

  8. #8
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    What you could do is use portsentry to detect any scans at all, and then use iptables and mirror so that in the wargames anyone that tries to attack your box ends up attacking themselves.

    Look here for details :

    http://www.antionline.com/showthread...hreadid=251870

    and here for the use of mirror

    http://www.antionline.com/showthread...172#post685172

    If you are interested and want more details, drop me a PM

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  9. #9
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    That's a sweet one slarty!
    "It is a shame that stupidity is not painful" - Anton LaVey
