Mystery Net - PowerPoint PPT Presentation

Slides: 19
Provided by: dc214Orgn8
Learn more at: http://dc214.org
Transcript and Presenter's Notes

1
Mystery Net
  • Simple Nomad DC214 - 15Jul2004

2
Mystery Net Design Goals
  • Defeat IP address-based access controls
  • Allow userland tools to spoof
  • Have little to no social value

3
Attacker's Dilemma
  • Firewalls block addresses
  • Some firewalls allow some traffic in (business
    partners, trusted clients, etc.)
  • VPNs may limit addresses that can access
  • Perimeter technologies log stuff (including our
    IP address)
  • Spoofing dies using TCP/IP
  • Advanced spoofing requires rewriting every
    app/tool from scratch

4
Our Hero
5
Enter Blue Raja
6
Blue Raja Features
  • Uses Packet Purgatory library
  • Inserts a wedge between the kernel and
    userland.
  • The wedge rewrites outbound packets on the fly.
  • We simply rewrite our outbound source address,
    and add options
  • We can also use a fake local IP proxy (and we
    handle ARP for it)

7
How Does Our Hero Get Responses?
8
Enter The Shoveler
9
Shoveler Features
  • Uses libpcap and libdnet
  • Can rewrite packets based upon IP address pairs
  • Can function as a proxy, and can be chained

10
Real World Scenario
[Diagram labels: Target, Trusted Host, Mr. Furious]
  • Attacker is blocked, trusted host gets through

11
Real World Scenario
[Diagram labels: Target, Trusted Host, Blue Raja, Mr. Furious]
  • Attacker uses Blue Raja, packets get through

12
Real World Scenario
[Diagram labels: Shoveler, Target, Trusted Host, Blue Raja, Attacker]
  • Shoveler shovels the return packets back

13
More Fun...
[Diagram labels: Shoveler (proxy mode) (five instances), Target, Trusted Host, Attacker]
  • Attacker is blocked, trusted host gets through

14
Shoveler Can Do Even More...
15
Man-in-the-Middle Scenario
[Diagram labels: Shoveler, Target, MyOnlineBank, FakeOnlineBank]
  • Shoveler intercepts online banking traffic

16
Problem Areas
  • Trusted host is active
  • RSTs could kill our connection
  • Can't update Shoveler on the fly
  • Works great in a lab (needs real world testing)
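
Seen from the defender's side, the first two problems on this slide are a detection signal: an active trusted host answers a SYN-ACK it never asked for with a RST, so the target sees a reset followed by more traffic on the same 4-tuple. The sketch below is an added example, not part of the presentation or the Mystery Net code; the record layout, function name, addresses and 30-second window are assumptions.

```python
from collections import namedtuple

# One inbound TCP segment seen at the target's perimeter (constructed layout).
Seg = namedtuple("Seg", "ts src sport dst dport flags")

def segments_after_reset(segments, trusted_ips, window=30.0):
    """Flag flows where an allow-listed source sent a RST and then kept talking.

    An endpoint that resets a connection sends nothing more on that 4-tuple
    until it opens a new one with a SYN, so traffic continuing after the RST
    suggests two senders are sharing the source address.
    """
    last_rst = {}  # flow 4-tuple -> time of the most recent RST
    alerts = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if seg.src not in trusted_ips:
            continue
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        if "R" in seg.flags:
            last_rst[flow] = seg.ts
        elif seg.flags == "S":
            last_rst.pop(flow, None)  # a fresh SYN legitimately reuses the 4-tuple
        elif flow in last_rst and seg.ts - last_rst[flow] <= window:
            alerts.append({"flow": flow, "rst_at": last_rst[flow],
                           "seen_at": seg.ts, "flags": seg.flags})
    return alerts

TRUSTED = {"192.0.2.10"}        # constructed allow-list entry
TARGET = "198.51.100.5"         # constructed protected host
SAMPLE = [                      # constructed records, not a real capture
    Seg(0.00, "192.0.2.10", 40000, TARGET, 443, "S"),
    Seg(0.05, "192.0.2.10", 40000, TARGET, 443, "R"),   # active host rejects the SYN-ACK
    Seg(0.06, "192.0.2.10", 40000, TARGET, 443, "A"),   # yet the handshake completes
    Seg(0.20, "192.0.2.10", 40000, TARGET, 443, "PA"),
    Seg(1.00, "192.0.2.10", 40001, TARGET, 443, "S"),   # ordinary abort: data, then RST
    Seg(1.10, "192.0.2.10", 40001, TARGET, 443, "A"),
    Seg(1.50, "192.0.2.10", 40001, TARGET, 443, "R"),
    Seg(2.00, "203.0.113.7", 5000, TARGET, 443, "R"),   # not allow-listed: ignored
    Seg(2.10, "203.0.113.7", 5000, TARGET, 443, "A"),
]

if __name__ == "__main__":
    for alert in segments_after_reset(SAMPLE, TRUSTED):
        print(alert)
```

The check only works where both the real host's RST and the later segments cross the same monitoring point, and it is best limited to sources that appear on an address-based allow-list.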

17
Future Enhancements - Shoveler
  • Detect dark IP space from trusted net
  • Spleen mode
  • DoS against trusted host
  • Reverse spleen mode for better MITM attacks
  • Invisible Boy mode
  • Update Shoveler remotely via covert channel

18
Fin
  • Questions?
  • http://www.nmrc.org/thegnome/mn-0.1.tgz (coming
    soon)
  • Packet Purgatory
  • http://www.synacklabs.net/projects/packetp/
  • Libdnet
  • http://libdnet.sourceforge.net/
  • Libpcap
  • http://www.tcpdump.org/