Subject: Re: Distributed denial of service attacks.
To: Simon J. Gerraty <sjg@crufty.net>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 09/10/2001 10:44:27
>>>> this is a good suggestion, but leads me to ask: how does one typically
>>>> "fling an arbitrarily formed packet" at host x?
>>>
>>>ipsend, iptest, etc., all part of IP Filter.... (maybe not compiled and
>>>installed by default in the integrated version)
>
>>on the flip side, that's good, but not quite enough. i can't specify
>>tcp data (or arbitrary ip packet data) on the command line. the thing
>>i threw together three years ago would allow me to do, eg,
>
>I have a couple of tools - mkpkt and rawpkt which I've used for various
>purposes over the years. Eg. testing fragment reassembly behaviour,
>RST'ing hung TCP sessions on MVS systems, generating routing storms
>(in a lab!). Essentially you can feed arbitrary hex data in to rawpkt
>to send out on the wire as a packet (it will normally fix various ip hdr
>fields but can be told not to). mkpkt just produces the hex data for feeding
>into rawpkt. Its is also very handy being able to capture packets with
>tcpdump and replay them later - against a different target even.
i vaguely remember reading something at some point about a tool that
used a config file to describe a packet, or a packet within a packet,
etc.
tcpdump combined with ipresend can do the retransmit, only without
>I never made them available - figured they might be missused.
mmm...probably, and that sucks, because i'm sure we can agree on the
usefulness of such tools.
>I thought I'd heard that netcat? can do much the same?
not netcat, i don't think, no.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."