Re: Insert the 4th TCP packet after TCP three-times handshakes

Replies are listed 'Best First'.
Re^2: Insert the 4th TCP packet after TCP three-times handshakes by cazz (Pilgrim) on May 03, 2005 at 14:03 UTC
The code is ejecting packets into its own session (see fork + connect). As it stands right now this can't be used for "Evil". There are legit uses for injecting packets like this. I do something similar for testing IP stacks. Though, I handle the full session by hand.	[reply]
Re^3: Insert the 4th TCP packet after TCP three-times handshakes by shanleiguang (Initiate) on May 03, 2005 at 14:57 UTC
If the initial sequence number of the other side could be predicted, blind tcp initial and inject(use a source ip address that not alive)may be possible.	[reply]
Re^4: Insert the 4th TCP packet after TCP three-times handshakes by cazz (Pilgrim) on May 03, 2005 at 15:04 UTC
There are lots of things good & bad that could be done with injecting of packets. The code does a connect, and then sends a packet by hand on its own connection. Sure, if the code looked for a handshake without creating one, then I could see claiming this code was evil, but thats not what this code does.	[reply]
Re^4: Insert the 4th TCP packet after TCP three-times handshakes by merlyn (Sage) on May 03, 2005 at 15:51 UTC
If the initial sequence number of the other side could be predicted, blind tcp initial and inject(use a source ip address that not alive)may be possible. See, now you've gone and set off my spidey sense again. Here you are, supporting my argument that you're up to no good with this code. If thre's a legitimate use for this code, would you please explain it? -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
Re^4: Insert the 4th TCP packet after TCP three-times handshakes by shanleiguang (Initiate) on May 03, 2005 at 23:55 UTC
this script maybe useful to learn TCP/IP, so i post here	[reply]
Re^2: Insert the 4th TCP packet after TCP three-times handshakes by castaway (Parson) on May 04, 2005 at 06:46 UTC
People seem to be overreacting here. You admittedly took only a brief look at the code, saw the use of raw IP, and assumed the worst. (And even made a consideration based on that). If raw IP is so terrible, why not campaign for the module to be removed from CPAN? Lots of things are potentially usable for "bad stuff", but aren't used that way. If we're not going to trust our fellow man to some degree, we might as well all stay home in bed all day. C.	[reply]
Re^3: Insert the 4th TCP packet after TCP three-times handshakes by merlyn (Sage) on May 04, 2005 at 11:17 UTC
You presume things that are not so. There's a lot more that went on in my head than your simplified model. Keep in mind that I've made it both a personal and professional interest over the years to understand ways to subvert authentication schemes and bypass firewalls and generally reek havoc. And also keep in mind that my default setting for any new encounter is "trust". I did in fact scan the code about half a dozen times, looking carefully at the design of the packets. I still don't completely understand what it starts to do, but there's obviously a lot of work going on, and that means that there's a payoff for the user. So, this thing smells. My spidey sense is not easily activated, and yet it was. Also, my initial observation was also supported later in the thread. This person is potentially up to no good, and has not yet shown anything to the contrary. This also contributes to a validation of my initial observations. I'm not as prejudiced as you think I might be. I'm wondering why you're so prejudiced about me. {sigh} -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]