On Sat, 23 Feb 2013 15:14:22 +1100 "Michael Rash" <[email protected]> wrote:
> On Feb 22, 2013, [email protected] wrote:
>
>> Although it is useful to be able to send fwknop packets in udp,
>> tcp, icmp packets, there are times when I've wanted to send spoofed
>> packets through routers and prevent triggering of alerts that could
>> make admins look too closely.
>>
>> It might be interesting to have some sort of plugin framework with
>> templates for packet types which would appear to be legitimate
>> traffic especially if seen by say, wireshark. Obviously the payload
>> would be visible on closer scrutiny, but the idea would be to make
>> them look close enough that a packet analyzer would parse the
>> packet as something that looks typical. The idea would be to blend
>> in with expected traffic in order to prevent any alerts of unusual
>> traffic.
>
> Thanks for the feedback. For this to work, would you say that it would
> be important for SPA packets to essentially be tunneled over other
> application layer protocols then? That is, send SPA data over things
> like legitimate DNS requests or via HTTP connections? Seems like this
> would allow your goal of blending with expected traffic to be achieved,
> and would certainly be a cool feature.

In the context I was thinking of using this, the packets would only really need to look 'correct' i.e. correctly structured so as to be able to be parsed by a packet analyzer without any alerts for malformed packets. I intend to send cmd payloads rather than opening the firewall to make a connection. The source and destination aren't so important since it would just look like a stray packet from a typo. I was considering sending from an internal host to another internal host residing on another subnet. The first protocol that came to mind was types of traffic that would be routed between floors or departments e.g. general LAN such as call center to developer workstations using rpc, smb, or nfs.
