Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
malllllllll<br />
The code presented here is a subset of<br />
my alpha perl spoofer, slapfro, which is<br />
available from 9mm.com/philez.html. I<br />
thought it would be nice to see something<br />
other than a knockoff of a knockoff of a<br />
spoofer for once and maybe give some<br />
more people the ability to play with the insides<br />
of tcplip.<br />
Greetz, boys and gurliez. Today, we play<br />
with the insides of tcplip. In particular,<br />
we'll be building a tcp spoofer in perl<br />
(yeah, you can do icmp or udp too if ya<br />
want). We'll call this one - umm - lego. All<br />
we really want to do with lego is build our<br />
own packets. This can be useful if you like<br />
to set the source address to something arbitrary,<br />
or if you want to experiment with<br />
flags or some shit. We're not going to do tcp<br />
connection spoofing, because that would be<br />
too big in scope for our purposes. At this<br />
point we'll just send out some tcp packets<br />
with increasing port numbers, sort of like<br />
the way a half-opened portscan would look.<br />
If lots of people begin to use this, we get<br />
the added benefit of making uptight sysadmins<br />
look silly, and finally teaching them<br />
that portscaning is neither harmful, intrusive,<br />
nor necessarily evidenee that anything<br />
at all came from the apparent source of the<br />
scan. Ahem.<br />
DD mill<br />
There are three main sections of code<br />
that we will use to create our packet: the<br />
first sets up things like source and destination<br />
address, ports, number of packets, and<br />
any looping and shit that we might use to<br />
send lots of packets or to vary the packets,<br />
say, by incrementing the destination port<br />
each time we send. The second section is<br />
the guts: we figure out what our ip and tcp<br />
headers will look like, then we put the<br />
packet together. The third section calculates<br />
a checksum for the packet - used to tell the<br />
receiving machine that the packet didn't get<br />
mangled in transit. I admit, I ripped off the<br />
checksum code from Net::Ping. Shit, who<br />
wants to write checksum code when it's already<br />
there for you? The three sections are<br />
nested 1,2,3 - they each use the next as a<br />
subroutine.<br />
A Quick Tour<br />
The first point of interest is the specifications<br />
of target box, source box, and ports.<br />
If your ambition is low and all you want to<br />
do is watch some home-brewed tcp packets<br />
fly, just put in some valid source and destination<br />
addresses, run a sniffer, and enjoy.<br />
For the slightly more motivated, you could<br />
take these five items as parameters from the<br />
command line.<br />
Page 6 2600 Magazine Fall 1998