Discussion:
Successfullness of attacks (ICMP)
(too old to reply)
oneders
2005-09-27 01:01:48 UTC
Permalink
Hi
I am back again, thanx for the previous responses.
I have few more doubts.
In my network of three systems (on RedHat 9.0), netwox tool was used
for "ICMP host unreachable", ICMP source quench" and "ICMP route
redirect" kind of attacks.

Here are my queries....
1) For all the three atatcks, the attacker became the victim (according
to me). Here is the scene..
B was the attacker and for the tool that I used to attack, I mentioned
the source IP address of the victim which was A here.
When C pinged B, it received "ping from A, destination unreachable",
"ping from A, source quench" and "ping from A, route redirect"
messages. Also in all the three cases when the attacker pinged the
victim it got all above mentioned messsages.

Now I am confused, how to interpret the results.Please help me out.
Also can anyone tell me:
a)can ICMP packets be to break an existing TCP connection between a
victim and a server in Redhat 9.0? I know, its possible in other OS, I
dunno whether its possible in RedHat 9.0 and I am unable to interpret
the observations.


thank you
Shantanu
l***@aql.fr
2005-09-28 07:05:53 UTC
Permalink
Hello,

I guess you did not understand how the tool works. It is a bit
complicated.

You have to set a filter. This is because it can be used to redirect a
flow matching only some criteria (such as a port number or a client
IP).

In your example:
netwox 86 --filter "host A" --gw B --src-ip A
netwox 86 --filter "dst host A and src host C" --gw B --src-ip A

Please note these kind of attack are obsolete now. Most OS are
protected against this vulnerability by rejecting icmp redirects.

Regards,
Laurent Constantin
http://vigilance.aql.fr/ for vulnerabilities
http://www.laurentconstantin.com/ for network tools

Loading...