OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Cynic (cynic_at_progrock.com)
Date: Thu Oct 31 2002 - 03:08:48 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    (Attached below is a post that didn't make it to the list)

    Thanks everyone for the input.
    Sorry for my bad phrasing, I did intend to replay a TCP session without involving my TCP stack.
    Till now, I was using tcpreplay and iptables for the job, however this still leaves the ISN problem.

    Does anyone know perhaps of a commercial tool that automatically (userland..) calculates the ISN & Checksums? I believe I read somewhere that Hailstorm might do the job.
    Any input appreciated, thanks for all the help.

    Cynic.

    --- "David Fried" <dfriedll.mit.edu> wrote:
    >Cynic,
    >
    >See if this is what you want -
    >
    >Netpoke is a utility used to replay packets to a live network that were
    >previously captured with the tcpdump program. It attempts to match the
    >timing of the original traffic, optionally speeding it up or slowing it
    >down, and can also modify the network hardware address in the replayed
    >traffic. Netpoke supports multiple network interfaces allowing replayed
    >packets to by injected into different points on a network based on the
    >source address.
    >
    >http://www.ll.mit.edu/IST/ideval/tools/tools_index.html
    >
    >Dave Fried
    >
    >-----Original Message-----
    >From: Cynic [mailto:cynicprogrock.com]
    >Sent: Wednesday, October 30, 2002 9:34 AM
    >To: vuln-devsecurityfocus.com
    >Subject: Retransmissions while blocking TCP Stack's RST?
    >
    >
    >Hi,
    >
    >I am looking for an application for *NIX, that can replay captured packets,
    >while dropping, the TCP Stacks responses.
    >Let's assume I replay a SYN, and receive a SYN-ACK, my host's TCP Stack
    >immediatley replies with a RST since it was not aware a connection was to be
    >opened.
    >So I am looking for some low-level retransmission application for *nix such
    >as Network monitor for NT. (I believe it does this.)
    >
    >Thanks a lot!
    >
    >Cynic.
    >
    >_____________________________________________________________
    >For the best in Progressive Rock on the internet, check out PROGROCK.COM!
    >http://www.progrock.com
    >
    >_____________________________________________________________
    >Select your own custom email address for FREE! Get youyourchoice.com w/No
    >Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag

    _____________________________________________________________
    For the best in Progressive Rock on the internet, check out PROGROCK.COM!
    http://www.progrock.com

    _____________________________________________________________
    Select your own custom email address for FREE! Get youyourchoice.com w/No Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag