Packet Injection

Technical discussion about the NMDC and <a href="http://dcpp.net/ADC.html">ADC</A> protocol. The NMDC protocol is documented in the <a href="http://dcpp.net/wiki/">Wiki</a>, so feel free to refer to it.

Moderator: Moderators

Locked
tester239
Posts: 2
Joined: 2006-07-30 04:18

Packet Injection

Post by tester239 » 2006-07-30 04:31

I was wondering if the NMDC Protocol had any security measures to prevent packet injection by another person. From what I've been reading in the NMDC protocol specs, it appears nothing prevents another person from spoofing a client's computer information and sending commands for them. Is there something I'm missing here?

[NL]Pur
Programmer
Posts: 66
Joined: 2004-07-21 14:32

Post by [NL]Pur » 2006-07-30 06:40

So how can you inject a packet ?

cologic
Programmer
Posts: 337
Joined: 2003-01-06 13:32
Contact:

Post by cologic » 2006-07-30 06:43

How would you elaborate upon your analysis to either justify retaining the situation you perceive or suggest a change to it?

Pothead
Posts: 223
Joined: 2005-01-15 06:55

Post by Pothead » 2006-07-30 06:52

[NL]Pur wrote:So how can you inject a packet ?
Send a Raw packet with someone elses ip. Assuming it doesn't get killed by your firewall / router / isp. :)

HaArD
Posts: 147
Joined: 2003-01-04 02:20
Location: Canada http://hub-link.sf.net
Contact:

Post by HaArD » 2006-07-30 07:30

tester329,

I don't think you are missing anything. I can confirm your suspicion however. I have done exactly that to make it appear to clients connected to a certain scriptless hubsoft that commands came from the hubsoft when in fact they came from another program running on the PC which is also connected to the hubsoft as a client.

I'd be interested in hearing your ideas about how you would prevent that.

ivulfusbar
Posts: 506
Joined: 2003-01-03 07:33

Post by ivulfusbar » 2006-07-30 09:15

One also have to distinguish between protocol and how messages are transmitted.

But no, nothing in NMDC is designed to work in a secure and reliable enviroment.
Everyone is supposed to download from the hubs, - I don´t know why, but I never do anymore.

[NL]Pur
Programmer
Posts: 66
Joined: 2004-07-21 14:32

Post by [NL]Pur » 2006-07-30 12:27

I don't think you are missing anything. I can confirm your suspicion however. I have done exactly that to make it appear to clients connected to a certain scriptless hubsoft that commands came from the hubsoft when in fact they came from another program running on the PC which is also connected to the hubsoft as a client.


The client was running on the same PC as the hubsoft? Surely it has the same ip then.

tester239
Posts: 2
Joined: 2006-07-30 04:18

Post by tester239 » 2006-07-30 13:37

HaArD wrote:tester329,

I don't think you are missing anything. I can confirm your suspicion however. I have done exactly that to make it appear to clients connected to a certain scriptless hubsoft that commands came from the hubsoft when in fact they came from another program running on the PC which is also connected to the hubsoft as a client.

I'd be interested in hearing your ideas about how you would prevent that.


See, I was trying to do something similar to what you were talking about as a "proof-of-concept" that I could show you, but it did not work.. that's why I was wondering if there was some kind of security feature that I didn't notice.

As for preventing this, I'm sure some sort of encryption would at least slow a malicious person down, if not deter them in some way. The only "evil" use for this hole that I can see is anonymous spamming, and maybe user info changing, and just being all-around annoying.

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2006-08-14 18:53

tester239 wrote:it did not work..

How did it "not work"? If you explain what you tried to do, we can explain why it didn't work.

GhOstFaCE
Posts: 6
Joined: 2005-10-15 04:02

Post by GhOstFaCE » 2006-09-10 15:53

most if not all hubsofts have by default (well not verli...) source verification on all packets.
All packets with a return IP are checked against the senders IP and if they do not match the packet is dropped.

So it is NOT open for that sorta attacks, trust me people have tried :)

Verlihub is a grey area though. by default tehre are no checks (which means any yahoo can start spamming searches or ctm's with an unlucky persons IP and launch what would be a DDoS)

It is however possible for the hubowner to activate source verification which however on verli will prevent him from using his own hub (if on LAN or localhost) since the owner would be sending his WAN as the return IP when the hub detects him as a LAN/LOCALHOST

ivulfusbar
Posts: 506
Joined: 2003-01-03 07:33

Post by ivulfusbar » 2006-09-10 23:52

GhOstFaCE wrote:........


Your post has nothing with the topic/thread todo.
Everyone is supposed to download from the hubs, - I don´t know why, but I never do anymore.

GhOstFaCE
Posts: 6
Joined: 2005-10-15 04:02

Re: Packet Injection

Post by GhOstFaCE » 2006-09-11 08:09

tester239 wrote:it appears nothing prevents another person from spoofing a client's computer information and sending commands for them.

i understood his post as if he was trying to send packets to other clients pretending to be someone else. Im no expert on the protocol but from what i read it uses the IP+port to identify who sent the packet (so in this case the ip+port would be the clients computer information and the spoofed packet would be the protocol command you were trying to send for them)

Please enlighten me then on what he meant by his post if i had misunderstood him

Locked