Pantek Library

RE: Controling Segment Contents in TCP Stream

From: Marc Sherman <msherman(at)go-eol.com>
Date: Wed Jun 11 2003 - 14:17:07 EDT


How about controlling telnet via Expect? I think Expect would be fast enough to have telnet send "USER " as a single segment, then have your expect script sleep for n seconds, then send the rest.

Marc

-----Original Message-----
From: Crist J. Clark [mailto:crist.clark@attbi.com]
Sent: Wednesday, June 11, 2003 12:52 PM
To: pen-test@securityfocus.com
Subject: Controling Segment Contents in TCP Stream

I am looking for a simple tool that I can use to control how TCP data is split up among segments. I can't seem to figure out how to coax Netcat into doing this.

What I am trying to do is mess with some firewall/proxy software by screwing with (unfounded) assumptions it makes about the contents of individual packets. For example, I am seeing some Widely Used Commercial Firewall Software choke when an FTP client sends a packet containing just,

"USER "

That is, U, S, E, R, and a space. The next segment carries the rest of the line,

"anonymous\r\n"

Now, since TCP is a stream-oriented protocol, this is actually perfectly acceptable behavior. The TCP stack of the server will handle this just fine, and the FTP server software will see the perfectly Standard-compliant input,

"USER anonymous\r\n"

at the other end.

This is an old and well known problem with firewall/proxies, yet we see it all of the time. The problem I am having is finding a tool that lets me easily control the data in each segment of the TCP stream. I've manually crafted some packets with hping2 to do some testing, but it is a huge PITA to build the whole SYN/SYN-ACK/ACK handshake each time. Can anyone recommend a tool or show me how to get Netcat to do this? Or am I going to have to build something myself or hack Netcat code?

Since this is a well known issue, I was hoping someone already had done the work and made it available. Thanks.

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc(at)freebsd.org

Received on Wed Jun 11 16:59:10 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:36 EDT
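
The failure mode discussed in this thread, seen from the inspecting device's side, as an added example that is not part of the original messages: a per-segment matcher mis-parses the "USER " / "anonymous\r\n" split, while one that buffers the stream until CRLF recovers the command. The class names, the 512-byte cap and the coalesced sample are assumptions made for illustration.

```python
# Added example: per-segment matching vs. stream reassembly for FTP commands.
# Segment contents below are constructed to mirror the split described in the post.

class NaiveSegmentInspector:
    """Treats every TCP segment as one complete command line (the flawed assumption)."""
    def feed(self, segment: bytes):
        line = segment.decode("ascii", "replace")
        if not line.endswith("\r\n"):
            return [("malformed", line)]
        verb, _, arg = line[:-2].partition(" ")
        return [(verb.upper(), arg)]

class StreamInspector:
    """Buffers bytes per connection and parses only complete CRLF-terminated lines."""
    MAX_LINE = 512  # assumed cap so an unterminated line cannot grow the buffer forever

    def __init__(self):
        self.buf = bytearray()

    def feed(self, segment: bytes):
        self.buf += segment
        out = []
        while True:
            idx = self.buf.find(b"\r\n")
            if idx < 0:
                break
            line = bytes(self.buf[:idx]).decode("ascii", "replace")
            del self.buf[:idx + 2]  # consume the line and its CRLF
            verb, _, arg = line.partition(" ")
            out.append((verb.upper(), arg))
        if len(self.buf) > self.MAX_LINE:
            raise ValueError("command line exceeds MAX_LINE without CRLF")
        return out

def inspect(inspector, segments):
    """Feed segments in arrival order and collect every parsed (verb, argument) pair."""
    results = []
    for seg in segments:
        results.extend(inspector.feed(seg))
    return results

SPLIT = [b"USER ", b"anonymous\r\n"]               # the split described in the post
COALESCED = [b"USER anonymous\r\nPASS guest\r\n"]  # constructed: two commands, one segment

if __name__ == "__main__":
    for name, segs in (("split", SPLIT), ("coalesced", COALESCED)):
        print(name, inspect(NaiveSegmentInspector(), segs), inspect(StreamInspector(), segs))
```

The coalesced case shows the same assumption failing in the other direction: two commands arriving in one segment are read as a single command by the per-segment matcher.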

