The RafaleX application allows for the creation of custom IP packets. The packet is very customizable and allows for the spoofing of the IP, setting the flags, number of packets, and so forth. RafaleX is becoming hard to locate on the Internet as it appears it is now called Engage Packet Builder.
The RafaleX application is an excellent way to “spoof” custom packets. Attackers can place a valid IP address as the source of the packet and the target will have to attempt to respond to the spoofed address. By sending hundreds of thousands of packets in this manner, an attacker can create a Denial of Service attack against a target.
In this example, the Source IP of the packets to be sent is set to 10.10.10.10 with the source address of port 123. According to Internet etiquette, this should never be able to route on the Internet as the 10.x.x.x range is reserved for Private addressing. Set the destination IP to the target address. In this example it is 172.16.1.40. Set the Destination
port to port 21. The SYN and ACK flags were set for each packet.
*Note: The Ethernet communications process requires a three-way handshake:
SYN: Synchronize
SYN-ACK: Synchronize-Acknowledge
ACK: Acknowledge
When a computer receives an uninitiated SYN-ACK packet its response is to send a RST (Reset) packet.
The number of packets was set to 100. Click the Send button to send the packets to the target. The Status area at the bottom left of the application will tell you that the packets were sent. 
The proof is below screen shot captured from packet capturing tool
No comments:
Post a Comment