-
December 30th, 2003, 05:01 AM
#1
Member
Packet Spoofing
ok heres my problem, in about a week or so me and a group of friends about 10of us are have a wargame over a lan, i was wondering if anyone new were i could get a program for linux pref RH or Mandrake to spoof the returning packets of pings etc so it makes my linux machine look like a insecure windoez box.
Signature image is too tall!
-
December 30th, 2003, 05:13 AM
#2
Member
Well I know that nmap uses some things like TTL of packets and other stuff like that for os finger prints, but how to change that in Linux, I don't know. You can check in nmap docs and google what it really checks for os finger printing and then look if you can change that on linux? Ok, I wasn't really useful, I'm just a newbie :P If you find something, tell me. Maybe you can use netcat to emulate some windows services too?
Some links I found :
http://www.insecure.org/nmap/nmap-fi...g-article.html
http://infosecuritymag.techtarget.co...l/logoff.shtml
http://cert.uni-stuttgart.de/archive.../msg00195.html
(I didn't checked those, so maybe they sucks, but some of those websites are well known)
So you might want to check on goole for :
packets forging
os fingerprinting
etc..
spoofing is the process of changing your IP in the packet I think. Someone can clarify that?
hope this help
-
December 30th, 2003, 06:36 AM
#3
Use a Honeypot.....you would simply need to configure it to "look" like a Windows box......
"It is a shame that stupidity is not painful" - Anton LaVey
-
December 30th, 2003, 07:10 AM
#4
Member
you got any good honey pot links
Signature image is too tall!
-
December 30th, 2003, 07:19 AM
#5
Member
http://project.honeynet.org/ is a good start.
Search for Honeypot and Honeynet on goole and on this forum, you'll fin usefull information.
-
December 30th, 2003, 12:18 PM
#6
Junior Member
A Tarpit would be even better. Not only does it simulate a box, it traps the attackers connection.
Rob
-
December 30th, 2003, 12:41 PM
#7
Or, for extra special value, run a Windows install inside vmware (or NT4 in bochs if you're very patient), and set it up really insecure.
Firewall it (on the Linux box) so that it can't be used for egress, and watch as they own it and believe they've won ![smile](https://antionline.com/images/smilies/smile.png)
Slarty
-
December 30th, 2003, 01:02 PM
#8
What you could do is use portsentry to to detect any scans at all, and then use iptables and mirror so that in the wargames anyone that tries to attack your box ends up attacking themselves.
Look here for details :
http://www.antionline.com/showthread...hreadid=251870
and here for the use of mirror
http://www.antionline.com/showthread...172#post685172
If your are intrerested and want more details, drop me a PM
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
December 31st, 2003, 05:01 AM
#9
That's a sweet one slarty!
"It is a shame that stupidity is not painful" - Anton LaVey
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|