1

Topic: Fake of packets

Greetings! In one project I implemented an RMI whose transport layer uses libsodium. Key exchange uses the functions from the Diffie-Hellman section of libsodium. For encryption/decryption the AEAD functions crypto_secretbox_easy() and crypto_secretbox_open_easy() from there are used. Everything works as it should, except that sometimes the body of a packet contains garbage of the kind I showed in the adjacent thread (Author: niXman, Date: 10.01 16:59). What confuses me here is that crypto_secretbox_open_easy() successfully decrypts this "bad" packet, which means the packet was corrupted before crypto_secretbox_easy() was applied to it, which, after all, both encrypts the packet and adds an authentication tag to it (on the other side). I have caught such packets only twice. It is very rare, since this code has been running for about half a year. One more strange thing: for the peer that sent this packet it is impossible to obtain the IP address, which looks similar to a SYN-flood attack. As for "faking" packets before encryption, I think it could be done by substituting msvcrt's memcpy(). But how to fight that? Write my own, even if not the fastest, implementation of this function (with ...)? The global question: how to protect against this? Thanks. The clients are on ..., the compiler is MinGW-W64. The server is ....

2

Re: Fake of packets

Hello, niXman, you wrote:
X> I have caught such packets only twice. It is very rare, since this code has been running for about half a year.
X> One more strange thing: for the peer that sent this packet it is impossible to obtain the IP address, which looks similar to a SYN-flood attack.
You are globally confusing something. In a SYN flood, generally no connection is established at all. And if the TCP handshake completed (it is TCP, after all?), then the address of the other side is known. Even if it is emulated by the nearest .... "Impossible to obtain the IP" can be a consequence of the sender having sent RST. Then you are yourself to blame for not having taken the address right in accept() and instead waiting to call getpeername() at some later time. But an attack with fake sequence numbers is quite possible here. Then you are seeing a variant of that. More likely, though, it is a local compromise of the client.
X> As for "faking" packets before encryption, I think it could be done by substituting msvcrt's memcpy(). But how to fight that? Write my own, even if not the fastest, implementation of this function (with ...)?
And how were you going to treat the remote client's user for it?
X> The global question: how to protect against this?
For example, message sequence numbers in the stream (and they are then encrypted too). After that a counterfeit TCP segment can no longer be successfully decrypted; and if it could, then the program is cracked, and the question is about that.

3

Re: Fake of packets

Hello, netch80, you wrote:
N> You are globally confusing something. In a SYN flood, generally no connection is established at all. And if the TCP handshake completed (it is TCP, after all?), then the address of the other side is known. Even if it is emulated by the nearest ....
It seems you are right...
N> "Impossible to obtain the IP" can be a consequence of the sender having sent RST. Then you are yourself to blame for not having taken the address right in accept() and instead waiting to call getpeername() at some later time.
By the way, yes, that is a possibility...
N> But an attack with fake sequence numbers is quite possible here.
What are you talking about?
N> And how were you going to treat the remote client's user for it?
The clients in this project are capable of auto-updating; otherwise they are disconnected by the server right after the version check.
N> For example, message sequence numbers in the stream (and they are then encrypted too). After that a counterfeit TCP segment can no longer be successfully decrypted; and if it could, then the program is cracked, and the question is about that.
Explain, I don't follow...

4

Re: Fake of packets

Another variant: the client uses the libsodium DLL. The adversary could change crypto_secretbox_easy() in the libsodium sources so that it ... the packet, and build the DLL from those sources... Would building the client with the static version of libsodium help?

5

Re: Fake of packets

Hello, niXman, you wrote:
N>> But an attack with fake sequence numbers is quite possible here.
X> What are you talking about?
Alice's outgoing seq towards Bob is, say, 123000, and Bob has the same as his receive seq. The attacker sends a packet with Alice's src IP and the same seq of 123000, 30 bytes in size. Bob accepts the packet, puts the 30 bytes into the socket buffer, and sends Alice a TCP ACK with seq=123030. Alice sees a seq larger than what she sent, shouts "Help!" and sends RST towards Bob.
N>> For example, message sequence numbers in the stream (and they are then encrypted too). After that a counterfeit TCP segment can no longer be successfully decrypted; and if it could, then the program is cracked, and the question is about that.
X> Explain, I don't follow...
You number the transmissions, 1, 2, 3..., with the number inside the encrypted part, so that someone who does not know the key cannot reproduce exactly the next number. Then, if the number was reproduced but garbage was sent, it means it is cracked (or simply a bug) not on the network in the middle but at the client.
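The scheme netch80 describes, as an added example that is not code from the thread or from the poster's project: every frame carries a counter inside the authenticated-encrypted part, and the receiver accepts a frame only if the tag verifies and the counter is exactly the one it expects. AES-256-GCM from the Go standard library stands in here for libsodium's crypto_secretbox_easy()/crypto_secretbox_open_easy() (XSalsa20-Poly1305); the scheme only relies on both being authenticated encryption. The key, frame contents and the "tampered" and "replayed" packets in main() are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const seqLen = 8 // counter is a big-endian uint64 prefixed to the plaintext

var (
	ErrAuth = errors.New("authentication failed: modified on the wire or wrong key")
	ErrSeq  = errors.New("sequence mismatch: replay, reorder or injection")
)

// Sender numbers frames 1, 2, 3, ... and seals the number together with the body,
// so the counter is covered by the authentication tag and never visible on the wire.
type Sender struct {
	aead cipher.AEAD
	next uint64
}

// Receiver tracks the counter it expects in the next authenticated frame.
type Receiver struct {
	aead   cipher.AEAD
	expect uint64
}

// newAEAD builds the stand-in for libsodium's secretbox (AES-256-GCM here).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func NewSender(key []byte) (*Sender, error) {
	a, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return &Sender{aead: a, next: 1}, nil
}

func NewReceiver(key []byte) (*Receiver, error) {
	a, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return &Receiver{aead: a, expect: 1}, nil
}

// Seal returns nonce || AEAD(seq || body). The nonce is random per frame; with
// secretbox you would do the same with its 24-byte nonce.
func (s *Sender) Seal(body []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	pt := make([]byte, seqLen+len(body))
	binary.BigEndian.PutUint64(pt, s.next)
	copy(pt[seqLen:], body)
	s.next++
	return s.aead.Seal(nonce, nonce, pt, nil), nil
}

// Open verifies the tag first, then the embedded counter. A frame forged on the
// wire without the key fails the first check; a replayed or injected frame fails
// the second. A frame that passes both and still carries garbage was garbage
// before it was sealed, i.e. the corruption happened on the sending host.
func (r *Receiver) Open(pkt []byte) ([]byte, error) {
	ns := r.aead.NonceSize()
	if len(pkt) < ns+seqLen+r.aead.Overhead() {
		return nil, ErrAuth
	}
	pt, err := r.aead.Open(nil, pkt[:ns], pkt[ns:], nil)
	if err != nil {
		return nil, ErrAuth
	}
	if seq := binary.BigEndian.Uint64(pt[:seqLen]); seq != r.expect {
		return nil, ErrSeq
	}
	r.expect++
	return pt[seqLen:], nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; derive it from the DH exchange in practice
	s, _ := NewSender(key)
	r, _ := NewReceiver(key)
	p1, _ := s.Seal([]byte("frame 1"))
	p2, _ := s.Seal([]byte("frame 2"))
	body, err := r.Open(p1)
	fmt.Printf("p1: %q %v\n", body, err)
	bad := append([]byte(nil), p2...)
	bad[len(bad)-1] ^= 1 // flip one tag bit: modification on the wire
	_, err = r.Open(bad)
	fmt.Println("tampered p2:", err)
	_, err = r.Open(p1) // replay of an already accepted frame
	fmt.Println("replayed p1:", err)
	body, err = r.Open(p2)
	fmt.Printf("p2: %q %v\n", body, err)
}
```

The point for the thread: with this framing, a packet that opens cleanly with the right counter but contains garbage cannot have been altered on the network or injected by a third party; the only places left are the sender's process (before Seal) or the receiver's process (after Open).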

6

Re: Fake of packets

Hello, netch80, you wrote:
N> You number the transmissions, 1, 2, 3..., with the number inside the encrypted part, so that someone who does not know the key cannot reproduce exactly the next number.
N> Then, if the number was reproduced but garbage was sent, it means it is cracked (or simply a bug) not on the network in the middle but at the client.
All of this has already been invented for us. In SRTP too, the keys sort of aren't thrown around, but... The algorithm for hiding the number is described at https://www.cisco.com/c/en/us/about/sec … -voip.html and implemented in most libsrtp from ...

7

Re: Fake of packets

Hello, netch80, you wrote:
N> You number the transmissions, 1, 2, 3..., with the number inside the encrypted part, so that someone who does not know the key cannot reproduce exactly the next number.
N> Then, if the number was reproduced but garbage was sent, it means it is cracked (or simply a bug) not on the network in the middle but at the client.
I don't understand why that is needed... In the adjacent thread I also posted a packet body. In that body there is a YAS header, and it is right where it should be. But the body of the packet is garbage. Exactly the same thing comes out as with numbering. The packet is ... before .... Or am I missing something?

8

Re: Fake of packets

Hello, reversecode, you wrote:
R> All of this has already been invented for us.
R> In SRTP too, the keys sort of aren't thrown around, but...
R> The algorithm for hiding the number is described at https://www.cisco.com/c/en/us/about/sec … -voip.html
R> and implemented in most libsrtp from ...
Oh, how much text %)

9

Re: Fake of packets

To put it very briefly: on the sending and receiving sides a big 64-bit index is used; this 64-bit index is used in the vector for the AES encryption on the data channel; only the smaller 32-bit part of the index is transmitted; how the 64-bit index is formed on the receiving side is in the link, in the RFC, and in libsrtp itself.
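The receiver-side index reconstruction that reversecode refers to, as an added example that is neither from the thread nor from libsrtp: it follows the estimation procedure in RFC 3711 section 3.3.1, where the packet carries only the 16-bit RTP sequence number (SEQ) and the receiver keeps a 32-bit rollover counter (ROC) plus the highest sequence number seen (s_l), rebuilding the 48-bit index that feeds the IV. The index is never on the wire, so an injector who cannot see the keyed state has to guess it and the tag check rejects the guess. Rollover timing and the sequence numbers in main() are constructed for the demo.

```go
package main

import "fmt"

// IndexTracker holds the receiver state from RFC 3711: ROC and s_l.
type IndexTracker struct {
	roc  uint32 // rollover counter
	sl   uint16 // highest RTP sequence number seen so far
	init bool   // false until the first packet sets s_l
}

// Estimate returns the 48-bit packet index ROC||SEQ for the incoming seq and the
// ROC value (v) it implies, WITHOUT touching state: RFC 3711 requires the state
// to be updated only after the packet's authentication tag has been verified.
func (t *IndexTracker) Estimate(seq uint16) (index uint64, v uint32) {
	if !t.init {
		return uint64(seq), 0 // ROC starts at 0 for the first packet of a session
	}
	if t.sl < 32768 {
		// s_l in the lower half: a seq far above it belongs to the previous rollover
		if int32(seq)-int32(t.sl) > 32768 {
			v = t.roc - 1 // mod 2^32 by uint32 arithmetic
		} else {
			v = t.roc
		}
	} else {
		// s_l in the upper half: a seq far below it belongs to the next rollover
		if int32(t.sl)-32768 > int32(seq) {
			v = t.roc + 1
		} else {
			v = t.roc
		}
	}
	return uint64(v)<<16 | uint64(seq), v
}

// Commit advances ROC and s_l for a packet that passed its tag check.
// Late packets from an earlier rollover (v == ROC-1) leave the state alone.
func (t *IndexTracker) Commit(seq uint16, v uint32) {
	if !t.init {
		t.init, t.sl, t.roc = true, seq, 0
		return
	}
	switch {
	case v == t.roc && seq > t.sl:
		t.sl = seq
	case v == t.roc+1:
		t.sl, t.roc = seq, v
	}
}

func main() {
	var tr IndexTracker
	// constructed arrival order: just before a 16-bit wraparound, after it,
	// then a late packet from before the wrap, then a normal one
	for _, seq := range []uint16{65530, 5, 65534, 7} {
		idx, v := tr.Estimate(seq)
		tr.Commit(seq, v) // assume the tag verified
		fmt.Printf("seq=%5d -> ROC=%d index=%d\n", seq, v, idx)
	}
}
```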

10

Re: Fake of packets

Hello, niXman, you wrote:
X> The global question: how to protect against this?
Are you sure it is an attack and not a bug in the client? Maybe something simply scribbled over memory where you had ... before ....

11

Re: Fake of packets

I'll tell you: I had a situation with one German Internet provider who is strict about all sorts of ... and probably has all sorts of IDS filters installed on the line. So, under heavy channel load at the client, the data coming from the TCP socket after read came in incorrect; the TCP sessions stayed occupied for a long time, and the data flowed ... there was no time to figure out whether they drop some of the data or selectively corrupt it; the German ... was cut off; in short, we all normally moved from TCP to UDP+CRC32 with ...

12

Re: Fake of packets

Hello, reversecode, you wrote:
R> I'll tell you more...
It happens in different ways, but in niXman's case the integrity of everything that comes from the socket is roughly guaranteed: crypto_secretbox_open_easy() attaches a certain digest to each ... slice and checks it after ....

13

Re: Fake of packets

Yes, that is clear; I was only sharing experience, though for me it was surprising: by the rules, read should have returned me some error instead of handing me corrupted data.