-1

I'm trying to implement an "opt ack" attack. This attack involves sending ACK packets before the packets arrive, thus increasing the TCP windows and creating a big load on the network channel.

I'm using Scapy to record traffic between a client and a server, and then I send the client ACK packets one after another.

i have two problems:

I need to stop the kernel from sending packets automatically (it makes the attacker send reset packets). I also need to fix the timestamp and checksum.

Can you help me with at least the first problem?

1
  • What have you tried so far? I've never used them but my understanding is that raw sockets are capable of this in theory. If not you may need to modify the kernel. Commented May 1, 2016 at 19:13

2 Answers

0

The first problem (RESET packets) can be fixed by installing iptables rules. It worked really well for me in my implementation of packet replay.

iptables -A OUTPUT -p tcp -d "DST IP ADDR" --sport "SRC PORT" --tcp-flags RST RST -j DROP

0

The kernel has no knowledge of segments sent by Scapy: it doesn't have a socket bound to the port you are using (see here), so it sends RST segments as an answer to the ACK segments.

You can add an iptables rule to drop these on the attacker's machine:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -s source_ip -j DROP

If you change segments, Scapy will recompute checksums before resending them.

Note that invalid checksums when recording traffic could be caused by checksum offload on your machine and can be solved with the ethtool command:

ethtool --offload  ethX  rx off  tx off

For the timestamps, I assume you are talking about the TCP Timestamps option. You can forge them before resending the segment with Scapy TCP options:

ACK = IP(...)/TCP(..., options=[("Timestamp", (TS_value, TS_ecr))])
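Added example, not part of the question or either answer: the question describes ACKs sent before the data they acknowledge has arrived, which a capture point next to the client can see as an ACK number ahead of the highest server byte observed so far. The record layout, the `s2c`/`c2s` direction labels and the sample trace are constructed for illustration, and the handshake is assumed to be already stripped so that only data segments and ACKs remain.

```python
# Passive check for optimistic ACKs in a capture taken next to the client.
# Assumed record layout: (time, direction, seq, ack, payload_len).
MOD = 2 ** 32

def seq_gt(a, b):
    """True if sequence number a is after b, modulo 2**32."""
    return a != b and ((a - b) % MOD) < 2 ** 31

def find_optimistic_acks(records):
    """Return (time, ack, highest_seen_end) for every client ACK that covers
    server bytes the capture point has not yet observed."""
    highest_end = None  # sequence number just past the last server byte seen
    findings = []
    for t, direction, seq, ack, length in records:
        if direction == "s2c":
            end = (seq + length) % MOD
            # Retransmissions must not move the high-water mark backwards.
            if highest_end is None or seq_gt(end, highest_end):
                highest_end = end
        elif direction == "c2s" and highest_end is not None:
            if seq_gt(ack, highest_end):
                findings.append((t, ack, highest_end))
    return findings

# Constructed trace; the server's sequence space wraps past 2**32.
SAMPLE = [
    (0.000, "s2c", 4294965896, 1, 1400),  # ends exactly at the wrap (0)
    (0.001, "c2s", 1, 0, 0),              # normal ACK
    (0.010, "s2c", 0, 1, 1400),           # ends at 1400
    (0.011, "c2s", 1, 4294965896, 0),     # stale ACK from before the wrap
    (0.012, "c2s", 1, 2800, 0),           # ahead of received data
    (0.013, "c2s", 1, 4200, 0),           # ahead of received data
    (0.020, "s2c", 1400, 1, 1400),        # ends at 2800
    (0.021, "s2c", 0, 1, 1400),           # retransmission
    (0.022, "c2s", 1, 2800, 0),           # now legitimate
    (0.023, "c2s", 1, 5600, 0),           # ahead of received data
]

if __name__ == "__main__":
    for t, ack, seen in find_optimistic_acks(SAMPLE):
        print(f"t={t:.3f} ack={ack} but only {seen} seen from server")
```

This only works where the monitor sees what the client has actually received; at the server side, an ACK for data already sent but still in flight is indistinguishable from a normal one by sequence numbers alone.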
