Stoic Joker Posted November 27, 2005 Share Posted November 27, 2005 Greetings Okay...As I know this can be a bit of a "touchy" subject, I'll answer a few things right-up-front.Q. What are my plans for the resulting code?A. Testing in (my) lab only. I'm an MCSA working for an MCSP & working on a CEH certification.Q. Am I trying to build a "Nuker"?A. Yes, but, as stated above it is/will only be used for lab testing and for the purpose of better understanding how to defend a network properly. So... While there are tons of sample code bits available, most are for *niX and don't seen to work well when compiling on a Windows box (I'm using MS Visual Studio 2005). The part I keep getting hung on is finding working code that will allow me to spoof the source IP of the packet being sent. I'm not posting any of the code I'm currently using to avoiding it's missuse, but will provide it to anyone who is willing to assist me on this project (assuming they properly grasp its intention).Thank YouStoic Joker Link to comment Share on other sites More sharing options...
I_Broke_My_MHZ Posted December 3, 2005 Share Posted December 3, 2005 This will be somewhat difficult. I think such a technique as spoofing the IP requires the use of raw sockets. Not only were raw sockets disabled/hampered in the newest update to windows, but you will have to know how to utilize raw sockets. So...um..look into that I guess.A lot of the more advanced *nix nuking tools I saw use raw sockets. Link to comment Share on other sites More sharing options...
Stoic Joker Posted December 3, 2005 Author Share Posted December 3, 2005 Yes the raw socket part is a given, and I've been working with that from the start of this project. I guess I hadn't been paying attention when the MS crippeled raw socket support memo was sent (hehe). ...As that was half of my problem. The other half is getting the packet header(s) coded properly so they make sense to the target when they get there. I've been using eEye's Iris to analyse the out going packets and the headers are either being ignored, mangled, or both (and I do have SOL_HDRINCL set).Any suggestions appreciated.Thank YouStoic Joker Link to comment Share on other sites More sharing options...
I_Broke_My_MHZ Posted December 19, 2005 Share Posted December 19, 2005 Unfortunately I don't know much about the programming aspect of it all. Maybe the source code of some existing tools can give some useful information. Maybe you should try your luck at a forum more geared toward network programming? Link to comment Share on other sites More sharing options...
EchoNoise Posted December 20, 2005 Share Posted December 20, 2005 Here is some information that might be useful to you Raw IP Sockets in C Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now