Results 1 to 2 of 2

Thread: RST packet attack from Client

Hybrid View

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    35

    Default RST packet attack from Client

    the RST packet attack is basically when a client initiates a connection (3 way handshake) and an attacker spoofs the identity of the server and get the correct sequence number and ACK no and sends a packet with the RST packet set to one..

    but what i am trying to do is,,, reset the connection from the client its self instead of the server resetting the connection,,, so that another spoofed server can interact with the client (Victim)

    so basically a client would send a request such as
    Code:
    pkt-1: seq #: 12345
             ack #: 54321
            flags#: PA<-PSH-ACK
           Payload: GET http://www.someserver.com/somefile.ext
    
    how would the immediate RST Packet look like??
    
    pkt-2: seq#: 12345+42<-(42 being the payload lenght of previous packet)
             ack#: 54321
           flags#: R<-RST
    is this Right??? or does the RST packet need to have the exact same seq # as pkt-1??

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Cryptid View Post
    is this Right??? or does the RST packet need to have the exact same seq # as pkt-1??
    If the sequence number is out of an expected range then it may alert Intrusion detection systems as well as some firewalls that something is not right. The problem with doing something like this is the sequence itself. Take a look at this article for a more in depth look at Sequence numbers. You can also try here there was a good bit of info about tcp sequence numbers as well, unfortunately I don't have the exact page link anymore. But there is some good info on the website none the less.
    Those two should be enough to help further you along.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •