Fun with TCP Packets
Andrew MacPherson
Zacon 2009
http://www.zacon.org.za/Archives/2009/slides/


Transcript

  • 1. ZACON 2009 Andrew MacPherson
  • 2.
      • Degree in Information Science
      • Tech Support -> Webdev -> Paterva
      • @Paterva:
          • Work on Maltego related stuff (local/server) transforms
          • Built the Mesh (Firefox plugin)
      • 31337 h4><z0r, Mastermind, Evil Genius, Hippy, Coder
      • Interesting because:
          • Old stuff
          • Still applicable
          • Not new – just scattered
      • Portscanners
          • Scanrand, Unicorn
      • DoS
          • Slowloris
      TCP/IP Packet Fun – ZAcon 2009
  • 3.
      • Scapy
          • Packet crafting tool
          • Sender
          • Listener
      • TCP handshake
          • Syn/SynAck/Ack
      • Portscan
          • We send a SYN
          • Filtered (no response)
          • Open (got back SynAck)
          • Closed (RST)
  • 4.
      • We can send packets really fast
      • SYN TCP packet is =~ 54 bytes = 432 bits
      • 4 Mbit/s (4194304 bits) can send 9.7K SYN packets per second (theory)
      • We can monitor responses as per previous slide
      • Means we can scan 65k ports in around 6s
      • Packet loss – so we want to put in some delays
      • RST packets getting in the way
      • Firewall 'em!
  • 5.
      • Unicorn, like scanrand, etc.
  • 6.
      • Traceroute
      • Sending out all TTLs at once (no wait)
      • Know when to stop?
      • Tracing to multiple hosts at once
      • Put the hopcount in the payload
      • Why is it cool to traceroute to blocks?
      • See routing protocols (entire block is not all in the same place?)
      • Load balancing (3 times)
      • Geo location
  • 8.
      • Single port
      • Full connection – ACK the SynAck – complete the handshake
      • Target has a stack full of connections, we have… nothing?
      • Different from a SYN flood
      • Can't spoof our IP address
      • ~400 packets for Apache
      • Welcome to DoS
  • 10.
      • Full connections get torn down
      • Need to convince the stack we are still speaking to it! Drip, drip, drip.
      • Use apps that run on protocols
          ○ SMTP (DATA segment of mail)
          ○ HTTP (POST – content length 99999?)
              • Slowloris
          ○ FTP (PUT)
          ○ Others?
      • Anything that we can send data to
      • Means we need to track seq + ack numbers
  • 13.
      • !!WARNING!!
      • South African space
      • Transparent proxies :O :O :O
      • Firewalls in front of applications
      • Limit connections per client
      • Time per request
  • 14.
      • Tech is NOT new, it's scattered but still applicable
      • Why is there not more of this going on?
      • Botnets
      • Online protests
      • Competition
      • Go further, packets = network = what others see, smokescreen networks?
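
The two server-side limits listed on slide 13 (connections per client, time per request), evaluated against the held-open connections of slides 8 and 10. This is an added example, not code from the talk; the `Conn` record, the thresholds and the addresses are constructed assumptions. It also shows why an idle timeout alone does not catch a client that keeps dripping bytes.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Thresholds are assumptions chosen for this example, not values from the slides.
MAX_CONNS_PER_CLIENT = 20   # "limit connections per client"
REQUEST_DEADLINE_S = 10.0   # "time per request": the whole request must arrive in time
IDLE_TIMEOUT_S = 5.0        # classic idle timeout, included for comparison

@dataclass
class Conn:
    """One open connection in a snapshot of the server's connection table."""
    client: str                    # source address
    opened: float                  # time the handshake completed (seconds)
    last_data: float               # last time the client sent any bytes
    request_done: Optional[float]  # time the full request arrived, None if not yet

def evaluate(table, now):
    """Return {client: sorted list of limits violated} for a snapshot taken at `now`."""
    reasons = defaultdict(set)
    open_count = defaultdict(int)
    for c in table:
        open_count[c.client] += 1
        if c.request_done is not None:
            continue  # request arrived in full, so the slot is doing real work
        if now - c.last_data > IDLE_TIMEOUT_S:
            reasons[c.client].add("idle_timeout")
        if now - c.opened > REQUEST_DEADLINE_S:
            reasons[c.client].add("request_deadline")
    for client, n in open_count.items():
        if n > MAX_CONNS_PER_CLIENT:
            reasons[client].add("conn_limit")
    return {client: sorted(r) for client, r in reasons.items()}

def sample_table():
    """Constructed snapshot at t=30s using documentation-range addresses."""
    # Ordinary client: four connections, each request completed quickly.
    table = [Conn("192.0.2.10", 28.0 + i * 0.1, 28.5, 28.5) for i in range(4)]
    # Handshake completed, then silence: many slots held, no request ever sent.
    table += [Conn("198.51.100.7", i * 0.01, i * 0.01, None) for i in range(400)]
    # Slow drip: few connections, bytes still arriving, request never finishes.
    table += [Conn("203.0.113.5", 1.0, 29.5, None) for _ in range(3)]
    return table

if __name__ == "__main__":
    for client, why in evaluate(sample_table(), now=30.0).items():
        print(client, why)
```

The dripping client stays under both the connection cap and the idle timeout; only the per-request deadline flags it.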
