The only reason I post this is to have somekind of a reference that I am
the original author, as I have been ripped of allready to many times.
Thx for your time,
[Brecht]
Document to be found at:
http://main.succeed.net/~coder/spoofit/spoofit.html
This is it's contence:
-=[ A short overview of IP spoofing: PART II ]=-
-=[ Part of 'The Packet Project']=-
(Includes Source for Linux 1.3.X and later kernels)
All text and Source code written by Brecht Claerhout (Copyright 1996-7)
All source tested on Linux kernel 2.0.X
All packet data captured with Sniffit 0.3.5
-------------------------------------------------------------------------------
PART II: Advanced spoofing (Blind)
----------------------------------
0. Introduction
0.1 What
0.2 For whom
0.3 Disclaimer
0.4 License
1. Description of source code
2. General information
2.1 Source Routed IP
2.2 Rerouting
3. Blind spoofing
3.1 Sequence number generation
3.1.1 Situation of the problem
3.1.2 Sequence number generation
3.1.2.a The old 64K rule
3.1.2.b Time related generation
3.1.2.c The 'pain in the ass' generation
3.2 Sequence number prediction
3.2.a 64K rule
3.2.b Time relation
3.3 The attack
3.3.1 Connection initiation
3.3.1.a 64K rule
3.3.1.b Time relation
3.3.2 Sending the data
3.3.3 The attack
3.3.4 Full log
3.3.5 Detection, and avoiding it
3.3.5.a Probes
3.3.5.b RST packets
3.3.5.b RST packets
3.3.5.c The ACK guesses
3.3.5.d Retransmission
4. How to use the source code
4.1 SEQ-scan
4.2 Eriu
4.3 Improvements
Appendix: Short note about rlogin
Appendix: Source Code
.-----
Coder, The Ultimate System Crasher E-Mail: coder@reptile.rug.ac.be
Armageddon(tm): http://sniffit.rug.ac.be
Armageddon(tm) - Site in ExilE: http://main.succeed.net/~coder
Sniffit(tm): http://sniffit.rug.ac.be/sniffit/sniffit.html
Latest Version: 0.3.5
Sniffit announce list: send SUBSCRIBE to
'coder-sniffit-request@reptile.rug.ac.be'
to get notified when new versions are released.