-
Packet Spoofing
ok heres my problem, in about a week or so me and a group of friends about 10of us are have a wargame over a lan, i was wondering if anyone new were i could get a program for linux pref RH or Mandrake to spoof the returning packets of pings etc so it makes my linux machine look like a insecure windoez box.
-
Well I know that nmap uses some things like TTL of packets and other stuff like that for os finger prints, but how to change that in Linux, I don't know. You can check in nmap docs and google what it really checks for os finger printing and then look if you can change that on linux? Ok, I wasn't really useful, I'm just a newbie :P If you find something, tell me. Maybe you can use netcat to emulate some windows services too?
Some links I found :
http://www.insecure.org/nmap/nmap-fi...g-article.html
http://infosecuritymag.techtarget.co...l/logoff.shtml
http://cert.uni-stuttgart.de/archive.../msg00195.html
(I didn't checked those, so maybe they sucks, but some of those websites are well known)
So you might want to check on goole for :
packets forging
os fingerprinting
etc..
spoofing is the process of changing your IP in the packet I think. Someone can clarify that?
hope this help
-
Use a Honeypot.....you would simply need to configure it to "look" like a Windows box......
-
you got any good honey pot links
-
http://project.honeynet.org/ is a good start.
Search for Honeypot and Honeynet on goole and on this forum, you'll fin usefull information.
-
A Tarpit would be even better. Not only does it simulate a box, it traps the attackers connection.
Rob
-
Or, for extra special value, run a Windows install inside vmware (or NT4 in bochs if you're very patient), and set it up really insecure.
Firewall it (on the Linux box) so that it can't be used for egress, and watch as they own it and believe they've won :)
Slarty
-
What you could do is use portsentry to to detect any scans at all, and then use iptables and mirror so that in the wargames anyone that tries to attack your box ends up attacking themselves.
Look here for details :
http://www.antionline.com/showthread...hreadid=251870
and here for the use of mirror
http://www.antionline.com/showthread...172#post685172
If your are intrerested and want more details, drop me a PM
Steve
-
That's a sweet one slarty!