- TCP/UDP Spoof
Here, you can forge TCP or UDP packets.
Works with raw sockets, WinPcap, and NDIS.
In WinPcap and NDIS mode, the source MAC address will be that of the sending computer.
XP SP2 will not send forged packets with RAW sockets.
Here you can forge ICMP packets: Echo, Redirect, Mask, Timestamp request, Information request.
Echo can be used to guess the remote host's operating system (by playing with the code field).
Redirect can be used to modify the route table on the remote host.
One possible attack
Network looks like this:
Router is 192.168.1.1
You are 192.168.1.2
Victim is 192.168.1.3
Remote host is 188.8.131.52
Send an ICMP redirect like this: source = 192.168.1.1, destination (victim) = 192.168.1.3, new gateway for remote host 188.8.131.52 = 192.168.1.2.
This way, the next time 192.168.1.3 wants to reach 188.8.131.52, it will send the packet to 192.168.1.2 (you).
- TCP Reset
You can reset a remote connection on a remote host.
That is, as host C you can reset a connection between host A and host B.
IP tools will send spoofed TCP reset frames with SEQ numbers from 0 to FF FF FF FF, in steps of the window size.
If you can guess a TCP Seq number close enough (within the window size), then you can reset a remote connection on a remote host.
You also have to guess the client TCP port (> 1024).
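Why the window size matters for defence, as an added example that is not part of the original page or of the tool: a receiver-side model comparing classic RST acceptance (any in-window sequence number) with the stricter RFC 5961 check (exact match on the next expected sequence number, otherwise a challenge ACK). The function names and the connection state are assumptions constructed for illustration.

```python
# Added example: receiver-side RST validation, classic vs RFC 5961 section 3.2.
# All names and values below are constructed for illustration.
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def classic_rst(seq, rcv_nxt, rcv_wnd):
    """Pre-RFC 5961 behaviour: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rfc5961_rst(seq, rcv_nxt, rcv_wnd):
    """RFC 5961: only an exact match on RCV.NXT resets the connection."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if seq == rcv_nxt:
        return "reset"
    return "challenge_ack"  # ACK goes to the real peer; connection stays up


def tally(validator, rcv_nxt, rcv_wnd, step):
    """Feed the validator RSTs stepped across the whole sequence space
    (the pattern described above) and count each outcome."""
    counts = {"reset": 0, "challenge_ack": 0, "drop": 0}
    for seq in range(0, MOD, step):
        counts[validator(seq, rcv_nxt, rcv_wnd)] += 1
    return counts


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xDEADBEEF, 65535  # constructed connection state
    print("classic:", tally(classic_rst, rcv_nxt, rcv_wnd, rcv_wnd))
    print("rfc5961:", tally(rfc5961_rst, rcv_nxt, rcv_wnd, rcv_wnd))
```

Under the classic rule one stepped RST always lands in the window; under the RFC 5961 rule the same RST only triggers a challenge ACK unless it matches the expected sequence number exactly.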
- NBT Name Service
You can send false Windows host announcements (UDP/138).
The browser list will then display false information.
- DHCP Release
You can send a false DHCP release packet to a DHCP server.
The server will then free the IP and offer it to somebody else.
This could create an IP address collision.