ICMP spoofed source payload tunneling
I. Abstract
Almost Any Device Having IP Stack with enabled ICMP Can Be buy to be a tunnel redirector.
Ii. Description
Let's imagine in Net a hacker having his source server (S), destinationserver (D), and a ip-capable device -. Victim (V) S sends to V spoofed ICMPecho request packet containing IP source address of D, and the data inPayload .
When v receiving tryet, it sends icmp echo-reply packet to d, Andforwards to d All Data in payload!
Backward is the same.
I sprent an only hour to write working exploit attaching this to linuxtuntaPDevice ...
Iii. Analysis
WHERE IT CAN BE USED?
.
. 2. Hacker have no access to the world at all, but have external server (D) For Victim can be used any neighbour device (I tried IP phone -! Itworks) or even firewall or gateway This can make a tunnel through aserver! With Completely Disabled IP Forwarding At ALL.
Very high probability of their attacks is in ISPs that gives a free accessto some networks (I know that situation exists in Ukraine - to UA InternetExchange access often is free and / or at higher speed, and in home Ethernetnetworks almost all ISPs provides free access to Their Clients and LocalResources).
IV DETECTIONThis can be detected by observing an anomally ICMP activity, and if youhave more than one network interfaces -.. By presence of spoofed packetsthat can not be in certain interfaces Or maybe by viewing your Internetbill ;-)
V. Workaround
.
