#37701 21/07/03 06:10 PM
Joined: Jul 2003
Posts: 1
Mostly harmless (OP)
I wasn't sure which forum to post this in and I apologize if this was the wrong one. Anyhow, I was wondering if it's possible to hand-make packets if you knew the binary for it. E.g. I assemble a packet for a command to be sent to an FTP server in a binvar and send it out through a socket to said server. Will it be sent by itself or will it simply be shoved into the data portion of an IP packet by the level 2 Internet Protocol? Assume my binvar packet has all the required headers such as source MAC, destination MAC, checksum, etc. Thanks for any help.

#37702 21/07/03 06:19 PM
Joined: Dec 2002
Posts: 2,809
Hoopy frood
Umm, mIRC sockets allow you to create two kinds of sockets, TCP and UDP, not raw sockets. You cannot send raw IP headers.

#37703 21/07/03 06:27 PM
Joined: Feb 2003
Posts: 309
Fjord artisan
Hey codemaster, you sound like you know ANOTHER way to do this outside of mIRC?
I personally don't know this, but I assume it can be done because it has been done.
It'd be interesting to find out about at the very least; I've never come across anything that says "THIS IS HOW..."

#37704 21/07/03 07:05 PM
Joined: Dec 2002
Posts: 2,809
Hoopy frood
Well, I won't go into it too much, simply because raw sockets, although they have many valid uses, are also a very good way to create attacks in the TCP protocol, such as spoofing. If I recall, Win9x doesn't even support "true" raw sockets (but I might be mistaken), but I know for a fact that NT/2k/XP only allows it for admins (XP might allow it for power users as well). The reason again is that raw sockets can be dangerous in the wrong hands. Basically, instead of creating a socket for TCP or UDP, you create it for RAW. RAW allows you to create a socket that either uses a known protocol such as ICMP, or a protocol that Windows has no information about. Pretty much, instead of using SOCK_STREAM (TCP) or SOCK_DGRAM (UDP), you use SOCK_RAW. If you are interested in the more technical aspects of it, I'd recommend "Network Programming for Microsoft Windows, Second Edition" (ISBN: 0-7356-1579-9); it's a great book for learning everything you could ever want to know about socket programming on Windows.

#37705 21/07/03 10:03 PM
Joined: Jan 2003
Posts: 3,012
Hoopy frood
And in fact that is the very way that people have been taking out these exploitable Cisco routers: with raw sockets. It's also how the "net send" advertisements (the ads with the "OK" button) are being sent. They modify the headers of the message and the body and take advantage of the Messenger Service. They make the "From Address" their company name, and the body of it anything they wish.


-KingTomato
#37706 21/07/03 10:15 PM
Joined: Dec 2002
Posts: 1,527
Hoopy frood
LoL, I was plagued with those things too till I just blocked everything with my firewall... but I got bored one day and did one better... I shut off that damn Messenger service.


D3m0nnet.com
#37707 21/07/03 10:20 PM
Joined: Jan 2003
Posts: 3,012
Hoopy frood
Well, not to get off topic but..

I had gotten them every 10 minutes (on the minute too) and I finally went to the company and complained. They told me "if you don't want them, shut off the service". Well, I already knew how to shut off the service, but the problem was what if I was a server. What if I had a server in my LAN that, when being attacked, sends a global net send to all the online machines saying "Hey, I'm being attacked"? Why should I have to compromise network security so that you guys can be a pain in the [self-censored] and advertise to every user online?

Well, needless to say I did more research on it and got out a Fluke Network Inspector (had one at school; me buy that software? I'm not that rich). Anyways, the company had a demo on the website, so we downloaded it and observed the network. As it turns out it doesn't use port 135, but uses like 139 or 140 or something. So that port is now disabled and I haven't gotten one since.

Was kind of interesting how it worked out though. If anyone is familiar with sockets, what they did was have the software bypass the SYN_ACK msg from the client, thus stopping lag time and allowing the company to do like a UDP mass-message. Send it and "forget it" sort of logic. If the user gets it, they get it; if not, who cares.

Oh well, just thought I'd throw that out there for anyone who wanted to know. >:D


-KingTomato
