UnderFire Resources

UnderFire Resources
| UnderFire Introduction | | UnderFire References |
| Attack Information | | Tools |

Attack Information
IP Fragmenting IP fragmenting can be exploited to pass packets that would be rejected otherwise through a firewall or other filtering device.
RFC1858 describes a couple such attacks in detail and ways to protect against it.

IP Spoofing Spoofing IP addresses can be used to exploit trust relationships between machines. The underlying idea behind this attack is that the attacker pretends to be someone who the victim trusts, (e.g. another machine on the local network as the victim or a machine that the victim already has established a connection with).
Morris, Robert T., A Weakness in the 4.2BSD UNIX TCP/IP Software, 1985. This paper, (in PostScript format), briefly describes the basis behind IP spoofing.
Explainations and source code for implementing various types of spoofing attacks can be found in the following documents: Non-Blind Spoofing, Blind Spoofing.

Ping Of Death This attack centers around sending a PING packet of a certain (unusual) size to a host. This may cause the attacked machine to crash, reboot, or otherwise act unexpectedly.
Ping of Death Homepage.

Redirecting (ICMP and ARP) Sending ICMP or ARP redirection requests to a host may allow an attacker to modify routes in order to carry out something like a "man-in-the-middle" attack (see also IP Spoofing).
This document details the attack and includes sample source code.
TCP Sequence Number Prediction The ability to predict TCP sequence numbers may allow someone to launch a "blind spoofing" (see also IP Spoofing) attack against a target. In other words, an attacker may exploit a trust relationship by pretending to be a trusted host.
A list of resources on the subject may be found here
A newspaper article and a CIAC notice regarding the subject may be found here

Tools
Ping Of Death This is C source code that will implement a ping of death attack. The source is ment for UNIX machines. You can implement this attack from Windows '95 or NT machines by issuing the command ping -l 65510 ip_address where ip_address is the machine to which you want to send the ping of death.
Sequence Number Prediction This sample code attempts to predict sequence numbers which can be useful for implementing a "blind spoofing" attack (see also IP Spoofing). The actual packet generating and sending routines are not given.
Sniffit Sniffit is a tool for monitoring packets passing through a local interface.
Spak Send PAcKet (SPAK) is a program for creating and sending arbitrary packets. Separate modules create TCP, UDP, IP, ICMP, and other types of packets. These modules can be combined in order to create, for example, a TCP/IP packet.
Strobe Strobe is a port scanner. Scanning ports may tell you what services a host provides. This information can then be used to tailor an attack to a site.
Tcpdump Tcpdump is a tool for monitoring packets passing through a local interface.

Attack Information
IP Fragmenting	IP fragmenting can be exploited to pass packets that would be rejected otherwise through a firewall or other filtering device. RFC1858 describes a couple such attacks in detail and ways to protect against it.
IP Spoofing	Spoofing IP addresses can be used to exploit trust relationships between machines. The underlying idea behind this attack is that the attacker pretends to be someone who the victim trusts, (e.g. another machine on the local network as the victim or a machine that the victim already has established a connection with). Morris, Robert T., A Weakness in the 4.2BSD UNIX TCP/IP Software, 1985. This paper, (in PostScript format), briefly describes the basis behind IP spoofing. Explainations and source code for implementing various types of spoofing attacks can be found in the following documents: Non-Blind Spoofing, Blind Spoofing.
Ping Of Death	This attack centers around sending a PING packet of a certain (unusual) size to a host. This may cause the attacked machine to crash, reboot, or otherwise act unexpectedly. Ping of Death Homepage.
Redirecting (ICMP and ARP)	Sending ICMP or ARP redirection requests to a host may allow an attacker to modify routes in order to carry out something like a "man-in-the-middle" attack (see also IP Spoofing). This document details the attack and includes sample source code.
TCP Sequence Number Prediction	The ability to predict TCP sequence numbers may allow someone to launch a "blind spoofing" (see also IP Spoofing) attack against a target. In other words, an attacker may exploit a trust relationship by pretending to be a trusted host. A list of resources on the subject may be found here A newspaper article and a CIAC notice regarding the subject may be found here

Tools
Ping Of Death	This is C source code that will implement a ping of death attack. The source is ment for UNIX machines. You can implement this attack from Windows '95 or NT machines by issuing the command ping -l 65510 ip_address where ip_address is the machine to which you want to send the ping of death.
Sequence Number Prediction	This sample code attempts to predict sequence numbers which can be useful for implementing a "blind spoofing" attack (see also IP Spoofing). The actual packet generating and sending routines are not given.
Sniffit	Sniffit is a tool for monitoring packets passing through a local interface.
Spak	Send PAcKet (SPAK) is a program for creating and sending arbitrary packets. Separate modules create TCP, UDP, IP, ICMP, and other types of packets. These modules can be combined in order to create, for example, a TCP/IP packet.
Strobe	Strobe is a port scanner. Scanning ports may tell you what services a host provides. This information can then be used to tailor an attack to a site.
Tcpdump	Tcpdump is a tool for monitoring packets passing through a local interface.