I have to write a program that sniffs network packets (part1-the simple part).
And I have to update the program (part2) so that it will be able to terminate connections. The specific requirements are:Construct raw packets by specifying data link layer and network layer information including appropriate source and destination MAC and IP addresses. These packets are intended to terminate the connection. To do so, you 开发者_如何学JAVAshould used SOCK_RAW as the socket type to be able to set the header information by yourself.
Can anybody give me some ideas on the second part?
Should I hijack the session, apply a DoS attack on one of the users?All I need is some tips of how to terminate the connection. I am using the C programming language, and this is a course assignment for the security course.
Depends on what you mean by terminate connections. You might mean providing an end-point for a TCP circuit or UDP stream.
Or you could mean sending an acceptable RST in the middle of a TCP stream to indicate the end of the stream. To achieve this you have to know the sequence number expected by the other side amongst other things.
Either way it is obvious you haven't been paying attention in class. The entire point of the assignment, it seems, is to show you understand the raw layout of IP packets and possibly TCP/UDP. I suggest you purchase a textbook on the subject (no doubt recommended by your lecturer) and/or take a read of Wikipedia.
For this assignment I would use pypacp, which is a python packet capture and injection library. Pypcap uses raw sockets to forge packets. If for some strange reason you are forced to use C then this project will be more difficult. In this case you should use libpcap to sniff the line and the raw socket library will depend on the platform you develop on.
You can sniff the line looking for TCP sequence ID's. Based on this id you can forge a RST or FIN to break one side of the connection. The hard part will be trying to maintain the TCP connection using raw sockets. It will be nearly impossible to maintain the application layer connection, HTTP would be an easier protocol to maintain but if it was http it would be easier to just hijack the cookie.
I can't help you with C libraries - not my forte, but it seems like there should be something out there.
But it seems like what you are trying to do in part 2 is to prevent a DOS, not cause one!
Check here:
http://en.wikipedia.org/wiki/Denial-of-service_attack
for stuff on DoS attacks. As PP says, there are a number of attacks relating to connection misuse, so you want to figure out which one your assigment is about - that one you need to check out with your prof. For example, the Wiki page above mentions SYN Floods - but almost any connection oriented protocol will be at risk for an attack that fills up the connection pool with too many connection requests and then doesn't ever close them.
I assume, reading the assignment, that your job is to figure out how to fix this by closing the connections that the attacker opened. Which means you both have to figure out how the attack works, and then figure out how to recover from it.
HINT: Hitting the server with a flood of close-connection requests is not an attack. It's not that useful, either, since you aren't necessarily closing the connections that are open. But the damage is caused by open-connection requests. See here:
http://en.wikipedia.org/wiki/SYN_flood
For one example.
you can use libpcap to help with the packet sniffing. libpcap was developed by the tcpdump team.
精彩评论