Monday, July 28, 2008

Hacker and Security Consultant

Some days ago, when I was watching a video from ShmooCon 2008, Hackajar pointed out a very interesting difference between a hacker and a security professional. He said:
"Under the age of 25 you are a hacker; over the age of 25 you are a security professional."
So I was thinking about this statement and I was like "Wow", how true!! When we are young we don't have responsibilities on us. Most probably our parents are paying for our education and for our living. At that time we can go on and on doing hacking stuff, but we don't get any pay for that. They say white hats and black hats are there, and black hats don't like white hats, but there is one important statement made by Simple Nomad in this talk, which was:

"The basic difference between a black hat and a white hat hacker is that the white hat has a mortgage."
So when you get a little older, responsibilities come and you need to earn a living. At that time one will think: I like to hack things, so if I get money to hack things, why shouldn't I take this opportunity? Yes, there are some restrictions on you when you become a white hat, but everything has its plus and minus. So it's so true that as hackers get older they might move to the security scene. So what's bad in that?

Monday, July 7, 2008

Packet Fragmentation Attack against Firewalls

For those who don't know what packet fragmentation is: you don't belong here, don't read this article.

Legal Bullshit
This article is provided for general informational purposes only, without warranty, either expressed or implied. How you use this information is up to you, and the author is not liable for that.
(F*ing B@$# S**t)

As we know, due to the different MTU (Maximum Transmission Unit) sizes in different networks, TCP/IP packets sometimes need to be fragmented.
If you are an RFC junkie, then RFC 791 - Internet Protocol is the reference for you.

Three fields are involved in fragmentation: Identification, Flags and Fragment Offset.

1. Identification: 16 bits

An identifying value assigned by the sender to aid in assembling the fragments of a datagram.

2. Flags: 3 bits

Various Control Flags.

Bit 0: reserved, must be zero
Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment.
Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments.
      0   1   2
    +---+---+---+
    |   | D | M |
    | 0 | F | F |
    +---+---+---+

3. Fragment Offset: 13 bits

This field indicates where in the datagram this fragment belongs.

The fragment offset is measured in units of 8 octets (64 bits). The first fragment has offset zero.

Below is the idea of how packet fragmentation can be used to get around rules in some firewalls. The main idea is to set the fragment offset of the second packet so low that the second packet overlaps the first packet, so that the data of the first packet is overwritten.

For example:
Suppose there is a firewall rule that only allows port 80 to be connected from the internet to an inside server, and say you want to make an SSH (port 22) connection to that server.
Then the first packet would be sent to the server with port number 80 and
with the DF bit = 0 (May Fragment) and the MF bit = 1 (More Fragments). Since the firewall is configured to allow port 80 connections, it will allow this packet.

The second packet should be sent with the DF bit = 0 and the MF bit = 0 (Last Fragment), the port will be 22 and the Fragment Offset is given as 1. This will overwrite the first packet except for the first 1 byte (8 bits) of the packet.

This second packet will be accepted by the firewall since it is part of the first packet, and the first packet has already been accepted by the firewall. So the final assembled packet will have port 22, and it will be forwarded to the server's port 22 this way.
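As an added example (my own code, not the author's), here is a small Python filter in the spirit of the fragment-filtering advice in RFC 1858: it parses constructed IPv4 fragments and drops a TCP fragment whose offset is 1 (since the offset is in 8-octet units, such a fragment lands at byte 8 of the TCP header and can only be an overwrite), and also drops a first fragment too short to carry the TCP ports and flags. The addresses, identifiers and the 16-byte minimum are assumptions for the sample.

```python
import socket
import struct

IPPROTO_TCP = 6
TCP_MIN_FIRST_FRAGMENT = 16  # assumed minimum: covers ports, seq, ack and the flags byte


def build_fragment(ident, df, mf, offset, payload, proto=IPPROTO_TCP):
    """Build a constructed IPv4 header (checksum left zero) in front of payload. offset is in 8-octet units."""
    flags_off = (df << 14) | (mf << 13) | (offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                         64, proto, 0, socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.80"))
    return header + payload


def parse_fragment(pkt):
    """Pull the three fragmentation fields out of an IPv4 header (RFC 791 layout)."""
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"id": ident, "df": (flags_off >> 14) & 1, "mf": (flags_off >> 13) & 1,
            "offset": flags_off & 0x1FFF, "proto": proto, "transport_len": total_len - ihl}


def fragment_verdict(pkt):
    """RFC 1858 style filter: reject overlapping or tiny TCP fragments before reassembly."""
    f = parse_fragment(pkt)
    if f["proto"] != IPPROTO_TCP:
        return "pass"
    if f["offset"] == 0 and f["mf"] == 1 and f["transport_len"] < TCP_MIN_FIRST_FRAGMENT:
        return "drop: first fragment too short to filter on"
    if f["offset"] == 1:
        # Offset 1 means byte 8 of the TCP header, so it can only overwrite ack/flags of the first fragment.
        return "drop: offset 1 overlaps TCP header"
    return "pass"


def tcp_header(dport, flags=0x02):
    """Constructed 20-byte TCP header to dport (SYN by default), checksum left zero."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)


# Constructed sample fragments mirroring the scenario in the post.
FIRST = build_fragment(0x1234, df=0, mf=1, offset=0, payload=tcp_header(80))
OVERLAP = build_fragment(0x1234, df=0, mf=0, offset=1, payload=tcp_header(22)[8:])
TINY = build_fragment(0x1235, df=0, mf=1, offset=0, payload=tcp_header(80)[:8])
TAIL = build_fragment(0x1236, df=0, mf=0, offset=3, payload=b"x" * 16)  # ordinary trailing fragment

if __name__ == "__main__":
    for name, pkt in [("first", FIRST), ("overlap", OVERLAP), ("tiny", TINY), ("tail", TAIL)]:
        f = parse_fragment(pkt)
        print(f"{name:8} offset={f['offset']} (byte {f['offset'] * 8}) mf={f['mf']} -> {fragment_verdict(pkt)}")
```

Note that because the offset field counts 8-octet units, the overlapping fragment in this sample starts at byte 8 of the TCP header, past the port fields; the filter drops it on the offset alone, whatever it carries.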