RE: Controlling Segment Contents in TCP Stream

From: Marc Sherman (msherman@go-eol.com)
Date: Wed Jun 11 2003 - 11:17:07 PDT


    How about controlling telnet via Expect? I think Expect would be fast enough to have telnet send "USER " as a single segment, then have your expect script sleep for n seconds, then send the rest.
    
    Marc
    
    -----Original Message-----
    From: Crist J. Clark [mailto:crist.clarkat_private]
    Sent: Wednesday, June 11, 2003 12:52 PM
    To: pen-testat_private
    Subject: Controlling Segment Contents in TCP Stream
    
    
    I am looking for a simple tool that I can use to control how TCP data
    is split up among segments. I can't seem to figure out how to coax
    Netcat into doing this.
    
    What I am trying to do is mess with some firewall/proxy software by
    screwing with (unfounded) assumptions it makes about the contents of
    individual packets. For example, I am seeing some Widely Used
    Commercial Firewall Software choke when an FTP client sends a packet
    containing just,
    
      "USER "
    
    That is, U, S, E, R, and a space. The next segment carries the rest of
    the line,
    
      "anonymous\r\n"
    
    Now, since TCP is a stream-oriented protocol, this is actually
    perfectly acceptable behavior. The TCP stack of the server will handle
    this just fine, and the FTP server software will see the perfectly
    Standard-compliant input,
    
      "USER anonymous\r\n"
    
    At the other end.
    
    This is an old and well known problem with firewall/proxies, yet we
    see it all of the time. The problem I am having is finding a tool that
    lets me easily control the data in each segment of the TCP
    stream. I've manually crafted some packets with hping2 to do some
    testing, but it is a huge PITA to build the whole SYN/SYN-ACK/ACK
    handshake each time. Can anyone recommend a tool or show me how to get
    Netcat to do this? Or am I going to have to build something myself or
    hack Netcat code?
    
    Since this is a well known issue, I was hoping someone already had
    done the work and made it available. Thanks.
    -- 
    Crist J. Clark                     |     cjclarkat_private
                                       |     cjclarkat_private
    http://people.freebsd.org/~cjc/    |     cjcat_private
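
The segment-boundary problem discussed in this thread, seen from the inspecting device's side, as an added example that is not part of either post: a parser that treats each TCP payload as one FTP command, next to one that buffers the stream until CRLF. The function and class names, the 512-byte line cap and the segment payloads are assumptions constructed for illustration.

```python
# Added example: per-segment vs. stream-aware inspection of FTP commands.
# All segment payloads are constructed sample input.

def _parse(line):
    """Split one command line (without CRLF) into (VERB, argument)."""
    verb, _, arg = line.partition(b" ")
    return verb.upper().decode("latin-1"), arg.decode("latin-1")

def inspect_per_segment(segments):
    """Flawed: assumes every TCP payload is exactly one complete command."""
    commands = []
    for payload in segments:
        if payload.endswith(b"\r\n"):  # anything else is silently skipped
            commands.append(_parse(payload[:-2]))
    return commands

class StreamInspector:
    """Buffers the byte stream per connection; parses only complete lines."""
    MAX_LINE = 512  # assumed cap so an unterminated line cannot grow forever

    def __init__(self):
        self._buf = bytearray()

    def feed(self, payload):
        self._buf += payload
        commands = []
        while (end := self._buf.find(b"\r\n")) >= 0:
            commands.append(_parse(bytes(self._buf[:end])))
            del self._buf[:end + 2]
        if len(self._buf) > self.MAX_LINE:
            raise ValueError("no CRLF within MAX_LINE bytes; reject connection")
        return commands

def inspect_stream(segments):
    """Run every payload of one connection through a single StreamInspector."""
    inspector = StreamInspector()
    return [cmd for payload in segments for cmd in inspector.feed(payload)]

SPLIT = [b"USER ", b"anonymous\r\n"]                    # the case from the thread
COALESCED = [b"USER anonymous\r\nPASS gu", b"est\r\n"]  # two commands, odd boundary

if __name__ == "__main__":
    for name, segs in (("split", SPLIT), ("coalesced", COALESCED)):
        print(name, "per-segment:", inspect_per_segment(segs))
        print(name, "stream:     ", inspect_stream(segs))
```

The per-segment parser never sees a USER command in either case, while the buffering parser recovers the same command lines the FTP server will act on.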
    



    This archive was generated by hypermail 2b30 : Wed Jun 11 2003 - 13:51:06 PDT