<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>RE: [Full-disclosure] TCP/IP vulnerability</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Ivan<BR>
<BR>
Thanks for the reply but have some concerns...<BR>
1)Tearn drop and land attack work on win 95 server,how to exploits this vulnerability or its variant on windows 2000 or linux.<BR>
<BR>
Do we have any other vulnerability in TCP/IP apart of listed below...<BR>
<BR>
<BR>
Cheers,<BR>
<BR>
Mohit<BR>
-----Original Message-----<BR>
From: Ivan . [<A HREF="mailto:ivanhec@gmail.com">mailto:ivanhec@gmail.com</A>]<BR>
Sent: Wed 5/23/2007 5:34 AM<BR>
To: Mohit Kohli<BR>
Cc: seclists@syneticon.de; full-disclosure@lists.grok.org.uk; pen-test@securityfocus.com; vuln-dev@securityfocus.com<BR>
Subject: Re: [Full-disclosure] TCP/IP vulnerability<BR>
<BR>
dude, check out Fernando Gont site<BR>
<BR>
<A HREF="http://www.gont.com.ar/tools/icmp-attacks/index.html">http://www.gont.com.ar/tools/icmp-attacks/index.html</A><BR>
<BR>
cheers<BR>
Ivan<BR>
<BR>
On 5/22/07, Mohit Kohli <mkohli@techmahindra.com> wrote:<BR>
><BR>
><BR>
><BR>
><BR>
> Hi Guys,<BR>
><BR>
><BR>
><BR>
> I got an assignment to write a white paper on TCP/IP and to show demo on how to exploits the same.<BR>
><BR>
><BR>
><BR>
> I have listed some of the vulnerability, but need some good tools (preferably windows based) to exploit the vulnerability and to perform further analysis.<BR>
><BR>
><BR>
><BR>
> overlapping IP fragments<BR>
> Tear Drop<BR>
> Land<BR>
> SYN Attack<BR>
> Ping Flooding<BR>
> IP Spoofing<BR>
><BR>
> SYN Guessing<BR>
><BR>
> Smurf Attack<BR>
><BR>
> Source Routing<BR>
> TCP Hijacking<BR>
><BR>
> Man-in-the-Middle Attack<BR>
><BR>
><BR>
><BR>
> I will appreciate; if you could provide me some inputs with regards to tools to exploits the vulnerability.<BR>
><BR>
><BR>
><BR>
> Cheers<BR>
><BR>
><BR>
><BR>
> Mohit<BR>
><BR>
><BR>
><BR>
><BR>
><BR>
><BR>
> ============================================================================================================================<BR>
><BR>
> Disclaimer:<BR>
><BR>
> This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review at <A HREF="http://www.techmahindra.com/Disclaimer.html">http://www.techmahindra.com/Disclaimer.html</A> externally and <A HREF="http://tim.techmahindra.com/Disclaimer.html">http://tim.techmahindra.com/Disclaimer.html</A> internally within Tech Mahindra.<BR>
><BR>
> ============================================================================================================================<BR>
><BR>
> _______________________________________________<BR>
> Full-Disclosure - We believe in it.<BR>
> Charter: <A HREF="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</A><BR>
> Hosted and sponsored by Secunia - <A HREF="http://secunia.com/">http://secunia.com/</A><BR>
><BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>
<table><tr><td bgcolor=#ffffff><font color=#000000>============================================================================================================================<br>
<br>
Disclaimer:<br>
<br>
This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review at <a href="http://www.techmahindra.com/Disclaimer.html">http://www.techmahindra.com/Disclaimer.html</a> externally and <a href="http://tim.techmahindra.com/Disclaimer.html">http://tim.techmahindra.com/Disclaimer.html</a> internally within Tech Mahindra.<br>
<br>
============================================================================================================================<br>
</font></td></tr></table>