Packet Spoofing

Printable View

December 30th, 2003, 05:01 AM
Scriptersx

Packet Spoofing

ok heres my problem, in about a week or so me and a group of friends about 10of us are have a wargame over a lan, i was wondering if anyone new were i could get a program for linux pref RH or Mandrake to spoof the returning packets of pings etc so it makes my linux machine look like a insecure windoez box.
December 30th, 2003, 05:13 AM
xicepik

Well I know that nmap uses some things like TTL of packets and other stuff like that for os finger prints, but how to change that in Linux, I don't know. You can check in nmap docs and google what it really checks for os finger printing and then look if you can change that on linux? Ok, I wasn't really useful, I'm just a newbie :P If you find something, tell me. Maybe you can use netcat to emulate some windows services too?

Some links I found :
http://www.insecure.org/nmap/nmap-fi...g-article.html
http://infosecuritymag.techtarget.co...l/logoff.shtml
http://cert.uni-stuttgart.de/archive.../msg00195.html
(I didn't checked those, so maybe they sucks, but some of those websites are well known)

So you might want to check on goole for :
packets forging
os fingerprinting
etc..

spoofing is the process of changing your IP in the packet I think. Someone can clarify that?

hope this help
December 30th, 2003, 06:36 AM
Wazz

Use a Honeypot.....you would simply need to configure it to "look" like a Windows box......
December 30th, 2003, 07:10 AM
Scriptersx

you got any good honey pot links
December 30th, 2003, 07:19 AM
xicepik

http://project.honeynet.org/ is a good start.
Search for Honeypot and Honeynet on goole and on this forum, you'll fin usefull information.
December 30th, 2003, 12:18 PM
realmatic

A Tarpit would be even better. Not only does it simulate a box, it traps the attackers connection.

Rob
December 30th, 2003, 12:41 PM
slarty

Or, for extra special value, run a Windows install inside vmware (or NT4 in bochs if you're very patient), and set it up really insecure.

Firewall it (on the Linux box) so that it can't be used for egress, and watch as they own it and believe they've won :)

Slarty
December 30th, 2003, 01:02 PM
steve.milner

What you could do is use portsentry to to detect any scans at all, and then use iptables and mirror so that in the wargames anyone that tries to attack your box ends up attacking themselves.

Look here for details :

http://www.antionline.com/showthread...hreadid=251870

and here for the use of mirror

http://www.antionline.com/showthread...172#post685172

If your are intrerested and want more details, drop me a PM

Steve
December 31st, 2003, 05:01 AM
Wazz

That's a sweet one slarty!