ICMP spoofed source payload tunneling

转载 2004年09月22日 20:49:00

ICMP spoofed source payload tunneling

I. ABSTRACT

Almost any device having IP stack with enabled ICMP can be used to
be a tunnel redirector.

II. DESCRIPTION

Let's imagine in Net a hacker having his source server(S), destination
server(D), and a ip-capable device - victim(V). S sends to V spoofed ICMP
echo request packet containing IP source address of D, and the data in
Payload.

When V receiving that packet, it sends ICMP echo-reply packet to D, AND
FORWARDS TO D ALL DATA IN PAYLOAD!

Backward is the same.

I spent an only hour to write working exploit attaching this to Linux
tuntap
device...

III. ANALYSIS

Where it can be used?

1. Hacker have a victim traffic to that one cost lesser than to the World.
That way Victim will pay for traffic with other hacker's server.

2. Hacker have no access to the world at all, but have external server
(D). For Victim can be used any neighbour device (I tried IP phone - it
works!) or even firewall or gateway! This can make a tunnel through a
server with completely disabled IP forwarding at all.

Very high probability of their attacks is in ISPs that gives a free access
to some networks (I know that situation exists in Ukraine - to UA Internet
Exchange access often is free and/or at higher speed, and in home Ethernet
networks almost all ISPs provides free access to their clients and local
resources).

IV. DETECTION
This can be detected by observing an anomally ICMP activity, and if you
have more than one network interfaces - by presence of spoofed packets
that can't be in certain interfaces. Or maybe by viewing your Internet
bill ;-)

V. WORKAROUND

Turning On reverse-path filtering and other antispoofed
mechanisms. Limiting rates or even denying ICMP type 8 at all.

how to understand TSs – S1 handover with MME and SGW relocation and Indirect Tunneling

http://www.imacandi.net/windancer/2010/04/08/how-to-understand-tss-s1-handover-with-mme-and-sgw-relo...

Tunneling

我们在使用Linux集群的时候有不少的问题需要解决,其实有最总要的问题就在与Linux集群的原理理解与安装过程。那么在这里大家就会学习有关Linux集群的原理安装技术,这会为在之后的工作有很大帮助。 ...

TUN(IP Tunneling)介绍

通过IP隧道实现虚拟服务器(VS/TUN) 在VS/NAT 的集群系统中,请求和响应的数据报文都需要通过负载调度器,当真实服务器的数目在10台和20台之间时,负载调度器将成为整个集群系统的新瓶颈。大...

HTTP tunneling工具-端口转发

原理:就是个HTTP tunneling工具!php +——————————————-+ +——————————————-+ Local Host ...
  • pyphrb
  • pyphrb
  • 2016年07月27日 10:00
  • 1324

RTP Payload Format for H.264 Video

  • 2017年03月31日 17:05
  • 278KB
  • 下载

DNS Tunneling及相关实现

*本文原创作者:novsec,本文属FreeBuf原创奖励计划,未经许可禁止转载 DNS Tunneling,是隐蔽信道的一种,通过将其他协议封装在DNS协议中传输建立通信。因为在我们的网络...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:ICMP spoofed source payload tunneling
举报原因:
原因补充:

(最多只允许输入30个字)