IP Spoof

IP Tools Sniffer (Erwan L)

  1. TCP/UDP Spoof

 

Here, you can forge TCP or UDP packets.

This works with RAW sockets, WinPcap, or NDIS.

In WinPcap and NDIS mode, the source MAC address will be that of the sending computer.

XP SP2 will not send forged packets with RAW sockets.

 

 

  1. ICMP

 

Here you can forge ICMP packets: Echo, Redirect, Mask, Timestamp request, Information request.

 

Echo can be used to guess the remote host operating system (playing with the code bit).

 

Redirect can be used to modify the routing table on the remote host.

 

One possible attack

Network looks like this:

Router is 192.168.1.1

You are 192.168.1.2

Victim is 192.168.1.3

Remote host is 66.102.11.99

 

Send an ICMP redirect like this: source = 192.168.1.1, victim is 192.168.1.3, new gateway for remote host 66.102.11.99 is 192.168.1.2.

This way, the next time 192.168.1.3 wants to reach 66.102.11.99, it will send the packet to 192.168.1.2 (you).
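
A defender-side check for the redirect described above, as an added example that is not part of the original help page: it parses a raw IPv4 packet, extracts the ICMP redirect fields, and flags a new gateway that is not a known router. The function names, the trusted-gateway set and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: 192.168.1.1 is the only legitimate router on this LAN.
TRUSTED_GATEWAYS = {ipaddress.ip_address("192.168.1.1")}

# Constructed sample matching the scenario above (checksums zeroed; this
# fixture is only parsed, never transmitted).
SAMPLE = bytes.fromhex(
    "45000038000000004001 0000 c0a80101 c0a80103"  # IP 192.168.1.1 -> 192.168.1.3
    "05010000 c0a80102"                            # ICMP type 5 code 1, gw 192.168.1.2
    "45000028000000004006 0000 c0a80103 42660b63"  # quoted IP 192.168.1.3 -> 66.102.11.99
    "04d20050 00000000"                            # first 8 bytes of quoted datagram
)


def parse_icmp_redirect(packet: bytes):
    """Return the redirect fields of a raw IPv4 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    if packet[ihl] != 5:  # ICMP type 5 = Redirect
        return None
    quoted = packet[ihl + 8:]  # header of the datagram that triggered the redirect
    return {
        "claimed_source": ipaddress.ip_address(packet[12:16]),
        "target": ipaddress.ip_address(packet[16:20]),
        "new_gateway": ipaddress.ip_address(packet[ihl + 4:ihl + 8]),
        "quoted_source": ipaddress.ip_address(quoted[12:16]),
        "redirected_dst": ipaddress.ip_address(quoted[16:20]),
    }


def redirect_findings(redirect):
    """List the reasons a parsed redirect deserves an alert (empty if none)."""
    findings = []
    if redirect["new_gateway"] not in TRUSTED_GATEWAYS:
        findings.append("new gateway is not a known router")
    if redirect["quoted_source"] != redirect["target"]:
        findings.append("quoted datagram was not sent by the target host")
    return findings


if __name__ == "__main__":
    parsed = parse_icmp_redirect(SAMPLE)
    print(parsed["redirected_dst"], "via", parsed["new_gateway"], redirect_findings(parsed))
```

The claimed source address cannot be trusted, which is why the check keys on the advertised gateway rather than on who appears to have sent the redirect. Hosts that never need redirects can ignore them entirely, for example with `net.ipv4.conf.all.accept_redirects = 0` on Linux.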

 

 

  1. TCP Reset

 

You can reset a remote connection on a remote host.

That is, as host C, you can reset a connection between host A and host B.

IP Tools will send spoofed TCP reset frames with SEQ numbers from 0 to FF FF FF FF, in steps of the window size.

 

If you can guess a TCP Seq number close enough (within the window size), then you can reset a remote connection on a remote host.

You also have to guess the client TCP port (> 1024).

 

 

  1. NBT Name Service

 

You can send false Windows host announcements (UDP / 138).

The browser list will then display false information.

 

 

  1. DHCP Release

 

You can send a false DHCP release packet to a DHCP server.

The server will then free the IP and offer it to somebody else.

This could create an IP address collision.