Electronic Books

*Note:
The Ethernet communications process requires a three-way handshake:


SYN: Synchronize


SYN-ACK: Synchronize-Acknowledge


ACK: Acknowledge
When a computer receives an uninitiated SYN-ACK packet its response is
to send a RST (Reset) packet.
The number of packets was set to 100.
266


Practical Hacking Techniques and Countermeasures
Click the
Send
button to send the packets to the target. The
Status
area
at the bottom left of the application will tell you that the packets were sent.
From the target, the Ethereal sniffer was running while the ???spoofed???
RafaleX packets were sent to it. As expected the server received each packet
and identified that:


The source of the packet is coming from 10.10.10.10 on port 123.


The source packet has both the SYN and ACK flags set.
Spoofing


267
By scrolling to the next packet in the series:


The target is responding to the IP address of 10.10.10.10.


The target is setting the RST flag on each packet
.
*Note:
The RafaleX application is an excellent way to ???spoof??? custom packets.
Attackers can place a valid IP address as the source of the packet and the
target will have to attempt to respond to the spoofed address. By sending
hundreds of thousands of packets in this manner, an attacker can create a
Denial of Service attack against a target (refer to Chapter 11).
268


Practical Hacking Techniques and Countermeasures
Lab 49: Spoofing MAC Addresses
Send Packets via False MAC Address: SMAC
Prerequisites:
None
Countermeasures:
Firewall filters, vendor patches where applicable
Description:
Spoofed Media Access Control (SMAC) allows you to ???spoof???
the Media Access Control (MAC) address of the computer it is installed
on.


Pages:
95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119