CEH| ilabs Module 2 doubts

Discussion in 'CEH' started by Arjun Sharma_1, Jun 17, 2019.

  1. Arjun Sharma_1

    Arjun Sharma_1 Active Member

    Joined:
    May 31, 2019
    Messages:
    17
    Likes Received:
    4
1. In the 1st part, we are asked to know the max packet length which can be sent without fragmenting. Why do we need to know that?
    2. What all footprinting can we do after mirroring a website?
     
    #1
    Abhishek Kumar_61 likes this.
  2. Premchander Chandran

    Premchander Chandran Active Member

    Joined:
    May 25, 2019
    Messages:
    42
    Likes Received:
    19
    Hi Arjun,
    For:
1. Since you have mentioned the first part of the lab, which involves ping www.certifiedhacker.com -f -l 1500, where the -f switch sets the DF flag and -l is the length of the buffer.
    Considering this, a perfect ping packet is 56 bytes or 64 bytes (with the header). Any IPv4 packet can be as large as 65535 bytes. So depending on the size, the packet is fragmented and the receiver reassembles them into the complete packet and processes it.
    When fragmentation is performed, each IP fragment needs to carry information about which part of the original IP packet it contains.
    This information is kept in the Fragment Offset field, in the IP header.
    An IP fragment with the maximum offset should have data no larger than 7 bytes, or else it would exceed the limit of the maximum packet length.
So if the MTU allowed on the network is known, a malicious user can send an IP fragment with the maximum offset and with much more data than 8 bytes.
    When the receiver assembles all IP fragments, it will end up with an IP packet which is larger than 65,535 bytes. This may possibly overflow memory buffers which the receiver allocated for the packet, and can cause various problems.
So to perform attacks like Ping of Death, Buffer Overflow and even DoS attacks, it is necessary to know the packet length allowed on a network to perform denial of any service.
    Note: The above explanation was based on Ping of Death attack.
    The problem has nothing to do with ICMP, which is used only as payload, big enough to exploit the problem. It is a problem in the reassembly process of IP fragments, which may contain any type of protocol (TCP, UDP, IGMP, etc.).

2. After mirroring a website, most of the passive reconnaissance is effective. It is difficult to perform footprinting on a live website, which is the reason to clone an entire website and gather information at the attacker's convenience.

    Hope this helps. Cheers :)
     
    #2
    Baba_2 and Vibhore Jain like this.
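The arithmetic behind the reply above, as an added example that is not part of the thread: how the -l value relates to the MTU when DF is set, and the reassembly bound (offset * 8 + data length must not pass 65535, as the post describes it) that a receiver or IDS checks before buffering a fragment. The header sizes are the standard IPv4/ICMP ones; the fragment lists are constructed for illustration.

```python
# Added example (not from the thread): the "ping -f -l <size>" arithmetic
# and the fragment-reassembly bound a defender enforces. Sample fragment
# descriptors below are constructed, not captured traffic.
IPV4_HEADER_LEN = 20          # minimal IPv4 header, no options
ICMP_HEADER_LEN = 8           # ICMP echo header: type, code, checksum, id, seq
MAX_IPV4_DATAGRAM = 65535     # 16-bit Total Length field
FRAGMENT_UNIT = 8             # Fragment Offset is counted in 8-byte units
MAX_FRAGMENT_OFFSET = 0x1FFF  # 13-bit field: 8191 units = 65528 bytes


def max_unfragmented_icmp_payload(mtu: int) -> int:
    """Largest -l value that fits one frame of the given MTU with DF set."""
    return mtu - IPV4_HEADER_LEN - ICMP_HEADER_LEN


def needs_fragmentation(mtu: int, icmp_payload: int) -> bool:
    """True when ping -f -l <icmp_payload> would be refused on this MTU."""
    return icmp_payload > max_unfragmented_icmp_payload(mtu)


def fragment_end(offset_units: int, data_len: int) -> int:
    """Byte position where this fragment's data ends after reassembly."""
    return offset_units * FRAGMENT_UNIT + data_len


def fragment_is_oversized(offset_units: int, data_len: int) -> bool:
    """Reassembly guard: drop a fragment whose data would run past 65535."""
    return fragment_end(offset_units, data_len) > MAX_IPV4_DATAGRAM


def check_fragment_set(fragments):
    """Return the (offset_units, data_len) pairs that violate the bound.

    An empty list means every fragment could be reassembled safely.
    """
    return [(off, ln) for off, ln in fragments if fragment_is_oversized(off, ln)]


if __name__ == "__main__":
    # On a 1500-byte MTU, -l 1472 is the largest payload that passes with -f.
    print(max_unfragmented_icmp_payload(1500))              # 1472
    # A constructed fragment set: two normal fragments and one at the
    # maximum offset carrying 100 bytes, which the guard must reject.
    sample = [(0, 1480), (185, 1480), (MAX_FRAGMENT_OFFSET, 100)]
    print(check_fragment_set(sample))                        # [(8191, 100)]
```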
  3. Premchander Chandran

    Premchander Chandran Active Member

    Joined:
    May 25, 2019
    Messages:
    42
    Likes Received:
    19
  4. Arjun Sharma_1

    Arjun Sharma_1 Active Member

    Joined:
    May 31, 2019
    Messages:
    17
    Likes Received:
    4
    That was a pretty good explanation. Thank you so much Prem :)
     
    #4
  5. Premchander Chandran

    Premchander Chandran Active Member

    Joined:
    May 25, 2019
    Messages:
    42
    Likes Received:
    19
    My pleasure bud :)
     
    #5
  6. Baba_2

    Baba_2 CEH Trainer
    Alumni

    Joined:
    Sep 7, 2017
    Messages:
    210
    Likes Received:
    108
    #6
  7. Premchander Chandran

    Premchander Chandran Active Member

    Joined:
    May 25, 2019
    Messages:
    42
    Likes Received:
    19
    Thank you Baba, just giving a hand:)
     
    #7
