Subject: Re: Distributed denial of service attacks.
To: Simon J. Gerraty <sjg@crufty.net>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 09/10/2001 10:44:27
>>>> this is a good suggestion, but leads me to ask: how does one typically
>>>> "fling an arbitrarily formed packet" at host x?
>>>
>>>ipsend, iptest, etc., all part of IP Filter....  (maybe not compiled and
>>>installed by default in the integrated version)
>
>>on the flip side, that's good, but not quite enough.  i can't specify
>>tcp data (or arbitrary ip packet data) on the command line.  the thing
>>i threw together three years ago would allow me to do, eg,
>
>I have a couple of tools - mkpkt and rawpkt which I've used for various
>purposes over the years.  Eg. testing fragment reassembly behaviour,
>RST'ing hung TCP sessions on MVS systems, generating routing storms 
>(in a lab!).  Essentially you can feed arbitrary hex data in to rawpkt
>to send out on the wire as a packet (it will normally fix various ip hdr 
>fields but can be told not to).  mkpkt just produces the hex data for feeding 
>into rawpkt.  Its is also very handy being able to capture packets with
>tcpdump and replay them later - against a different target even.

i vaguely remember reading something at some point about a tool that
used a config file to describe a packet, or a packet within a packet,
etc.

tcpdump combined with ipresend can do the retransmit, only without

>I never made them available - figured they might be missused.

mmm...probably, and that sucks, because i'm sure we can agree on the
usefulness of such tools.

>I thought I'd heard that netcat? can do much the same?

not netcat, i don't think, no.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."