PoiNtEr->: Hacker's Diary "End Of Transmission"

                             Difference between a dream and an aim. A dream requires soundless sleep, whereas an aim requires sleepless efforts.

Search This Blog

Saturday, August 4, 2012

Hacker's Diary "End Of Transmission"

What is packet crafting?

Crafting, by definition, means to make or create something skillfully. As we know, all the vulnerability assessment tools used by network administrators to test the security of their networks are both a blessing and a curse. This is because the same set of tools can also be used by evil hackers to find vulnerabilities and then exploit those to their benefit. Packet crafting, too, is not an exception to this rule, and since it is a technically advanced yet complex type of vulnerability exploitation, it is difficult to detect and diagnose.

 Let’s understand each of these steps a bit more in detail.

Packet assembly

This is the first step in the crafting process, wherein an attacker decides which network needs to be cracked, tries to gather possible vulnerability information and creates or fabricates the packets to be sent. This packet is then checked for accuracy, especially to ensure that the attack is as “invisible” on the network as possible, to go undetected.
For example, the packet being created can have a spoofed source address and a dummy TCP sequence number. The assembly of a packet need not be done from scratch; a packet going over the wire can be captured and its contents can be modified to serve the hacking purpose.

Packet editing

In this step, usually a dry run on the assembled packet is tested and based on the results gathered, and the packet is tuned up or corrected before moving to the next step. In the editing phase, the focus is usually to gather the maximum amount of information by injecting the minimum number of packets into the network.
For example, to test how a firewall responds to malformed packets, a simple packet with a false source IP address and with ACK field bit set can be created. In ideal situations, the firewall should drop such a packet.

Packet playing

Once the correct packet or a stream of packets is created, “packet playing” sends it onto the network, and collects the resultant packets to perform further analysis and corelation. This is when an actual attack is performed. If the expected outcome is not achieved, hackers go back to the editing phase to change the attack scenario.

Packet analysing

In this process, the packet streams are gathered to decode the presented response by the target network. Attackers may use simple packet sniffing tools for this purpose, or can capture the packet streams in the form of a log file and analyse it. This step either provides evidence to the hackers that they were successful in penetration, or at least gives them enough inputs to tune up the attack, or change their methods.

Packet crafting techniques

As seen above, the whole idea behind packet crafting is to try to simulate an attack, thus learning the behaviour of various network devices in order to gain knowledge about the vulnerabilities. Crafting is typically used to invade into firewalls and intrusion detection devices, but can also be used to attack Web servers and other application gateways.

A few common packet crafting techniques are:

  • Ping fragmentation
  • Packet flag manipulation
  • Packet duplication
  • Protocol manipulation   
  • Half open packets.

No comments:

Post a Comment