Skip to content
Advertisement

Rst packets sent with libnet do not reset the connection

I am trying to do ‘rst hijacking’ by using a c script with libcap and libnet included. I use libcap to sniff all packets coming from and going to a host given as input to the program via the commandline. Then libnet sends rst packets to the host trying to connect to the specified host. However when I run the script and connect to the given host via ssh I can do this without the connection being reset. I am using Kali Linux 2019.4 64 bit version. This is the code:

JavaScript

When I run it like this I:

JavaScript

and meanwhile connect to 19.168.74.37 via ssh the output tells me that it is resetting the connection but I still can use the terminal in the ssh connection as usual. Now my question is what is causing the behavior of this program and how to fix it to properly reset the connection? Here is the output of running:

JavaScript
JavaScript

Advertisement

Answer

The port numbers of the rst-packets are the wrong.

This line

JavaScript

shows, that the connection is established from 192.168.74.69 port 35340 to the ssh server running on 192.168.74.37 port 22

but this rst packet

JavaScript

resets a connection from host 192.168.74.69 port 22, to host 192.168.74.37 port 35340

You have to swap the port numbers (or the ip numbers, depending on if you send the packet to the server or to the client) in the rst packet.

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement