ICMP spoofed source payload tunneling

转载 2004年09月22日 20:49:00

ICMP spoofed source payload tunneling

I. ABSTRACT

Almost any device having IP stack with enabled ICMP can be used to
be a tunnel redirector.

II. DESCRIPTION

Let's imagine in Net a hacker having his source server(S), destination
server(D), and a ip-capable device - victim(V). S sends to V spoofed ICMP
echo request packet containing IP source address of D, and the data in
Payload.

When V receiving that packet, it sends ICMP echo-reply packet to D, AND
FORWARDS TO D ALL DATA IN PAYLOAD!

Backward is the same.

I spent an only hour to write working exploit attaching this to Linux
tuntap
device...

III. ANALYSIS

Where it can be used?

1. Hacker have a victim traffic to that one cost lesser than to the World.
That way Victim will pay for traffic with other hacker's server.

2. Hacker have no access to the world at all, but have external server
(D). For Victim can be used any neighbour device (I tried IP phone - it
works!) or even firewall or gateway! This can make a tunnel through a
server with completely disabled IP forwarding at all.

Very high probability of their attacks is in ISPs that gives a free access
to some networks (I know that situation exists in Ukraine - to UA Internet
Exchange access often is free and/or at higher speed, and in home Ethernet
networks almost all ISPs provides free access to their clients and local
resources).

IV. DETECTION
This can be detected by observing an anomally ICMP activity, and if you
have more than one network interfaces - by presence of spoofed packets
that can't be in certain interfaces. Or maybe by viewing your Internet
bill ;-)

V. WORKAROUND

Turning On reverse-path filtering and other antispoofed
mechanisms. Limiting rates or even denying ICMP type 8 at all.

利用 ICMP 隧道穿透防火墙

以前穿透防火墙总是使用 SSH 隧道、DNS 隧道或 HTTP 隧道等等,今天来说一个利用 SNMP 隧道进行穿透工具–icmptunnel。 简介 icmptunnel 可以将 IP...
  • qq_27446553
  • qq_27446553
  • 2016年09月18日 00:57
  • 1301

icmp错误分类

ICMP类型:    0     Network Unreachable——网络不可达            1     Host Unreachable——主机不可达          ...
  • an_zhenwei
  • an_zhenwei
  • 2014年09月25日 17:30
  • 2138

webservice 入门笔记三通过payload发送消息

新建一个User类:  packagecom.zhutulang.soap; importjavax.xml.bind.annotation.XmlRootElement; @XmlRootEl...
  • zhutulang
  • zhutulang
  • 2016年04月11日 21:28
  • 1424

TUN(IP Tunneling)介绍

通过IP隧道实现虚拟服务器(VS/TUN) 在VS/NAT 的集群系统中,请求和响应的数据报文都需要通过负载调度器,当真实服务器的数目在10台和20台之间时,负载调度器将成为整个集群系统的新瓶颈。大...
  • u011642663
  • u011642663
  • 2016年03月22日 22:21
  • 1257

SOAP消息的传递和处理(PAYLOAD方式)

/** * 消息的传递和处理(PAYLOAD) * 通过负载来传递 */ @Test public void test03() { try { //1.创建服务(Service) UR...
  • linjingj
  • linjingj
  • 2014年01月30日 10:10
  • 3012

Reverse SSH Tunneling

Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with reverse SSH tun...
  • xyw_Eliot
  • xyw_Eliot
  • 2014年06月11日 20:58
  • 1276

IPV6下的ping源代码

IPV6下的ping源代码,摘至iputils源代码中 /* * * Modified for AF_INET6 by Pedro Roque * * * * Origin...
  • lqrensn
  • lqrensn
  • 2012年10月18日 12:47
  • 3215

解决Microsoft Teredo Tunneling Adapter >>>這個裝置無法啟動。 (代碼 10)

在左下方開始點一下搜尋:regedit 2 . 點HKEY_LOCAL_MACHINE 點SYSTEM 點CurrentControlSet 點services 點TCPIP6...
  • qq_22274565
  • qq_22274565
  • 2017年12月01日 15:16
  • 288

xshell 设置tunneling 动态代理

2017-12-21 由于工作的环境需要看到其他集群的页面状态,但是不能直连,花了半天的时间整理了一份关于配置动态代理,实现远程观察集群的页面状态和讲远程服务器的文件本地Xshell图形化展示。 ...
  • mengxpFighting
  • mengxpFighting
  • 2017年12月21日 20:07
  • 71

Easy vpn -------------------split-tunnel 的主要作用

split-tunnel 的主要作用在于是VPN-CLIENT在使用的同时还能能使用互连网 。 Split tunneling:The ability to simultaneously direct...
  • lanscape
  • lanscape
  • 2009年07月30日 11:20
  • 2927
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:ICMP spoofed source payload tunneling
举报原因:
原因补充:

(最多只允许输入30个字)