Packet Injection
I was wondering if the NMDC Protocol had any security measures to prevent packet injection by another person. From what I've been reading in the NMDC protocol specs, it appears nothing prevents another person from spoofing a client's computer information and sending commands for them. Is there something I'm missing here?
-
- Posts: 147
- Joined: 2003-01-04 02:20
- Location: Canada http://hub-link.sf.net
tester329,
I don't think you are missing anything. I can confirm your suspicion however. I have done exactly that to make it appear to clients connected to a certain scriptless hubsoft that commands came from the hubsoft when in fact they came from another program running on the PC which is also connected to the hubsoft as a client.
I'd be interested in hearing your ideas about how you would prevent that.
-
- Posts: 506
- Joined: 2003-01-03 07:33
The client was running on the same PC as the hubsoft? Surely it has the same IP then.
HaArD wrote:
I don't think you are missing anything. I can confirm your suspicion however. I have done exactly that to make it appear to clients connected to a certain scriptless hubsoft that commands came from the hubsoft when in fact they came from another program running on the PC which is also connected to the hubsoft as a client.
See, I was trying to do something similar to what you were talking about as a "proof-of-concept" that I could show you, but it did not work... that's why I was wondering if there was some kind of security feature that I didn't notice.
HaArD wrote:
tester329,
I don't think you are missing anything. I can confirm your suspicion however. I have done exactly that to make it appear to clients connected to a certain scriptless hubsoft that commands came from the hubsoft when in fact they came from another program running on the PC which is also connected to the hubsoft as a client.
I'd be interested in hearing your ideas about how you would prevent that.
As for preventing this, I'm sure some sort of encryption would at least slow a malicious person down, if not deter them in some way. The only "evil" use for this hole that I can see is anonymous spamming, and maybe user info changing, and just being all-around annoying.
-
- DC++ Contributor
- Posts: 3212
- Joined: 2003-01-07 21:46
- Location: .pa.us
Most, if not all, hubsofts have by default (well, not verli...) source verification on all packets.
All packets with a return IP are checked against the sender's IP, and if they do not match the packet is dropped.
So it is NOT open to that sort of attack; trust me, people have tried.
Verlihub is a grey area though. By default there are no checks (which means any yahoo can start spamming searches or CTMs with an unlucky person's IP and launch what would be a DDoS).
It is, however, possible for the hub owner to activate source verification, which on verli will prevent him from using his own hub (if on LAN or localhost), since the owner would be sending his WAN as the return IP when the hub detects him as a LAN/LOCALHOST.
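The source verification described in the post above, sketched hub-side as an added example (not code from any hubsoft or from the posters). The function name `may_forward`, the `hub_wan_ip` exception for LAN/localhost peers, and the sample commands and addresses are assumptions made for illustration.

```python
import ipaddress
import re

# NMDC commands whose first address field is a client-supplied return address:
#   $ConnectToMe <targetNick> <ip>:<port>|
#   $Search <ip>:<port> <searchstring>|      (active mode)
# Passive searches use "Hub:<nick>" in that field and carry no IP.
ADDR_FIELD = re.compile(r"^\$(?:ConnectToMe \S+|Search) ([^: |]+):")

# Peers the hub sees on these ranges are treated as LAN/localhost (assumption).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def may_forward(command, peer_ip, hub_wan_ip=None):
    """True if `command` (trailing '|' stripped), received on a socket whose
    remote address is `peer_ip`, may be relayed to other clients."""
    m = ADDR_FIELD.match(command)
    if m is None:
        return True                  # command carries no return address
    host = m.group(1)
    if host == "Hub" and command.startswith("$Search "):
        return True                  # passive search; nick checks are out of scope
    try:
        claimed = ipaddress.ip_address(host)
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False                 # malformed address: drop
    if claimed == peer:
        return True
    # Assumed fix for the owner-on-LAN problem: a local peer may claim the
    # hub's own WAN address, and nothing else.
    if hub_wan_ip and any(peer in net for net in LOCAL_NETS):
        return claimed == ipaddress.ip_address(hub_wan_ip)
    return False

if __name__ == "__main__":
    # Constructed samples: (command, socket peer address)
    samples = [
        ("$ConnectToMe bob 198.51.100.7:412", "198.51.100.7"),   # honest
        ("$ConnectToMe bob 203.0.113.9:80", "198.51.100.7"),     # names a third party
        ("$Search 203.0.113.9:80 F?T?0?1?test", "198.51.100.7"), # names a third party
        ("$Search 192.0.2.1:412 F?T?0?1?test", "192.168.1.10"),  # owner on LAN
    ]
    for cmd, peer in samples:
        verdict = "forward" if may_forward(cmd, peer, "192.0.2.1") else "drop"
        print(f"{verdict:8} {peer:15} {cmd}")
```
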
-
- Posts: 506
- Joined: 2003-01-03 07:33
Re: Packet Injection
I understood his post as if he was trying to send packets to other clients pretending to be someone else. I'm no expert on the protocol, but from what I read it uses the IP+port to identify who sent the packet (so in this case the IP+port would be the client's computer information and the spoofed packet would be the protocol command you were trying to send for them).
tester239 wrote:
it appears nothing prevents another person from spoofing a client's computer information and sending commands for them.
Please enlighten me then on what he meant by his post if I had misunderstood him.