Packet Spoofing

On Christmas Day in 1994 Kevin Mitnick (and I believe a colleague?) launched a novel attack against Tsutomu Shimomura's computers that involved packet spoofing. In the summer or fall of 1995 some Air Force colleagues let me look at some source code that may have been part of that attack, and in January 1996 I developed some simple programs (for research purposes only:) inspired by the attack. Among them were:

  • Wedger - launched a SYN flood Denial of Service (DoS) attack by injecting spoofed SYN packets (the first phase of the Mitnick attack)
  • Killer - killed an existing TCP connection by injecting spoofed RST packets
  • Injector - sent data to a client or server in an existing TCP connection by injecting spoofed data packets

Here are some

One of the most interesting results from the research was that I found one-time-password devices (which were becoming popular because of password sniffers) for login over Telnet were easy to bypass by injecting data into an already authenticated connection. I could also cause content (like a "go away" message) to be displayed on the user's screen. Ah, fun times.
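The three tools listed above each leave a recognizable trace on the wire: a spoofed-source SYN flood produces half-open connections that are never completed, a spoofed RST or data segment carries a guessed sequence number that usually misses the receiver's window, and a spoofed data segment that does land in-window is indistinguishable from the real client's, which is exactly why a one-time password at login does nothing for the rest of a Telnet session. The passive monitor below, added here as an illustration and not part of the original page or its programs, checks a simplified TCP trace for those signatures: it counts half-open connections per service, tracks the next expected sequence number in each direction, and applies the exact-match RST rule from RFC 5961. The segment records, addresses, window size and alert threshold are all constructed for the example.

```python
"""Passive detector for the signatures of spoofed SYN, RST and data segments
on a simplified TCP trace. Example code, not from the original page; every
segment, address and threshold below is constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass

SEQ_MOD = 2 ** 32
WINDOW = 65535   # assumed receive window used for the in-window test


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # any of "S" (SYN), "A" (ACK), "R" (RST), "F" (FIN)
    seq: int
    ack: int = 0
    payload_len: int = 0


def in_window(seq, expected):
    """True if seq lies in [expected, expected + WINDOW), modulo 2^32."""
    return (seq - expected) % SEQ_MOD < WINDOW


class TcpMonitor:
    """Tracks the next expected sequence number per direction and the set of
    half-open (SYN seen, no follow-up from the initiator) connections per service."""

    def __init__(self, syn_threshold=5):
        self.syn_threshold = syn_threshold
        self.half_open = defaultdict(set)   # (dst, dport) -> {(src, sport)}
        self.next_seq = {}                  # (src, sport, dst, dport) -> expected seq
        self.alerts = []

    def feed(self, s):
        key = (s.src, s.sport, s.dst, s.dport)
        service = (s.dst, s.dport)

        if "S" in s.flags:
            # SYN or SYN-ACK: the sender's next byte follows its initial sequence number
            self.next_seq[key] = (s.seq + 1) % SEQ_MOD
            if "A" not in s.flags:
                self.half_open[service].add((s.src, s.sport))
                if len(self.half_open[service]) >= self.syn_threshold:
                    self.alerts.append(("syn_flood", service, len(self.half_open[service])))
            return

        # Any later segment from the initiator completes the handshake;
        # SYNs sent from spoofed sources never get this far.
        self.half_open[service].discard((s.src, s.sport))

        expected = self.next_seq.get(key)
        if expected is None:
            return   # no handshake seen for this direction; nothing to compare against

        if "R" in s.flags:
            # RFC 5961: a RST is only accepted when its seq equals RCV.NXT exactly
            if s.seq != expected:
                self.alerts.append(("rst_out_of_sequence", key, s.seq))
            return

        if not in_window(s.seq, expected):
            # a blind injection with a guessed sequence number lands here
            self.alerts.append(("out_of_window", key, s.seq))
            return

        # In-window and in-order: advance. Out-of-order or retransmitted
        # segments inside the window are accepted but do not move the pointer.
        if s.seq == expected:
            advance = s.payload_len + (1 if "F" in s.flags else 0)
            self.next_seq[key] = (s.seq + advance) % SEQ_MOD


def analyze(segments, syn_threshold=5):
    """Run the monitor over a trace and return the alerts it raised."""
    mon = TcpMonitor(syn_threshold)
    for s in segments:
        mon.feed(s)
    return mon.alerts


def sample_trace():
    """Constructed trace: a normal Telnet handshake with some keystrokes, then one
    spoofed RST and one spoofed data segment with guessed sequence numbers, then a
    burst of SYNs from unrelated sources that are never followed by an ACK."""
    c, srv = "10.0.0.2", "10.0.0.1"
    trace = [
        Segment(c, 40000, srv, 23, "S", seq=1000),
        Segment(srv, 23, c, 40000, "SA", seq=5000, ack=1001),
        Segment(c, 40000, srv, 23, "A", seq=1001, ack=5001),
        Segment(c, 40000, srv, 23, "A", seq=1001, ack=5001, payload_len=10),  # real keystrokes
        Segment(c, 40000, srv, 23, "R", seq=424242),                           # spoofed RST, guessed seq
        Segment(c, 40000, srv, 23, "A", seq=99_999_999, ack=5001, payload_len=8),  # spoofed data, guessed seq
        Segment(c, 40000, srv, 23, "A", seq=1011, ack=5001, payload_len=5),    # next real segment
    ]
    trace += [Segment(f"192.0.2.{i}", 1024 + i, srv, 80, "S", seq=i * 1000) for i in range(1, 7)]
    return trace


if __name__ == "__main__":
    for alert in analyze(sample_trace()):
        print(alert)
```

The check is deliberately one-sided: a segment whose sequence number falls inside the window passes, so an injector that has learned the current sequence numbers (by sniffing, or by guessing predictable initial sequence numbers) is invisible to it. That gap is the reason authenticating only the login is not enough and the whole session needs integrity protection, which is what protocols such as SSH later provided for interactive logins.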