Spoofing just by the word itself sounds kind of cool, kind of magical just by allowing the word to slip from your lips "spoof" like magic everything has changed. Spoofing by definition is quite magical and can be used in many different ways, from good to bad, from security to comedy, or integrity and destruction. All around it sounds cool, might as well strap on our boots and get ready to learn something new.
The definition of Spoofing: is the creation of TCP/IP packets using somebody else's IP address. Routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address. That address is only used by the destination machine when it responds back to the source." I'm not one for saying this definition isn't 100% correct since Spoofing as a whole can be used in multiple different fashions, IP spoofing being the most well known, MAC spoofing, Email spoofing, even cell phone spoofing are viable tactics used by hackers today. With all that said we'll focus on the most well known. This will allow you to hide you IP location, and minimize the ability for an IP locator to actually find you.
IP Spoofing
This is when a source packet header is modified to resemble something else that it is not (as defined in the definition above) in short pretending you are someone you are not. This allows the "hacker" multiple fun tricks to play, such as hiding who you are in a smurf attack.
Smurf Attack
Ah yes a Smurf Attack, sounds a little... cute doesn't it? When most of us think smurf, we think of little blue people who live in mushrooms and are attacked frequently by some old troll man. They all where white and blindly follow their leader in red, the papa smurf. This is where the smurf attack gets its name, its designed to have a leader manipulate a bunch of blind followers. This is how it works, a host computer wants to shut down a server or a workstation from having any network connectivity at all, so what the host must first do is obtain the IP address of the target system. Once the IP address is found they then send ICMP traffic (a ping) to a broadcast domain on the router, for example 192.168.1.255 for the network 192.168.1.0/24. Now what the "hacker" or network security individual has to do is send a ping to the broadcast domain with the source IP address of the target system.
What this will do is ping every system on that broadcast domain am, which by design every system on that domain will respond with an echo. These systems are known as amplifiers, and amplify the signal across the network. By doing this the bandwidth of the victim system will exceed the available amount and completely shut down network connectivity.Preventing A Smurf Attack
A smurf attack can be blocked, or solved by disabling port 7 in your firewall, the ICMP port. (Internet Control Message Protocol). If Ping is disabled the smurf's traffic goes no-where, just received or reflected by the firewall. Although this prevents a smurf attack, it doesn't prevent a Fraggle attack, which is similar to a Smurf attack, but instead uses UDP traffic opposed to ICMP.
How To Do A Smurf Attack
Before I dive into how to do this I would like to reiterate like I usually do, using a smurf attack can be HIGHLY ILLEGAL if being used to take down someone else's server, this information provided is for educational purposes only to test on your own network.
For this attack we're going to use NMAP which is a free network security scanning software, scans for open ports, send pings and SYN packets looking for vulnerabilities for a security engineer to patch. As we all know all tools for good can be used for bad as well. First lets use NMAP to find our ethernet port and IP address as is by typing in the command NMAP --iflist
eth0 is my Ethernet connection with 192.168.1.X as my source IP address. For this I'm going to use a batch script with a loop (an indefinite loop can be set) here is the code.
@echo off
setlocal enableextensions enabledelayedexpansion
set /a "x = 0"
:while1
if %x% leq 50 (
echo %x%
set /a "x = x + 1"
nmap -e eth0 -S 10.10.10.10 -sn 20.20.20.20
goto :while1
)
endlocal
The 10.10.10.10 will be changed to the spoofed IP address, and 20.20.20.20 would be the destination of the broadcast domain (picked random IP addresses here). In this loop the goal is to get to the leq number of 50. So this will only last until X + 1 gets to 50. X starts out at 0. Removing the +1 will cause this loop to run indefinitely. On the line that reads nmap -e eth0 -S 10.10.10.10 -sn 20.20.20.20, what you'll need to know is this. -e eth0 -S 10.10.10.10 changes the source IP to the spoofed IP address, -sn is a ping to 20.20.20.20 the destination IP address.
Thanks For Reading
This was a quick run down on how to run a smurf attack and what a smurf attack is, let me know what you guys think in the comment section below, if you liked what you read please share and click that +1 button. And as always be safe my goblins.
0 comments:
Post a Comment