Xmas Tree Attack - HACKING 17 Most Dangerous Hacking Attacks (2017)


Chapter 9 – Xmas Tree Attack

Before you assume this type of attack could only happen around Christmas time, I can assure you it has nothing to do with the event, no matter what religion you are looking at.

The details are more technical; therefore, implementing Xmas Tree attacks is not recommended for beginners.

In Volume 2 - 17 Most tools every hacker should have, I explained how you can craft and create any packet that you want using Scapy. As I explained there, Scapy is a very advanced packet manipulation tool, and you must have a good grasp of networking and of how protocols work, down to every single detail.

I demonstrated how to use Scapy for packet sniffing with a few commands, and also mentioned that Scapy can be used to create a single unknown packet by changing any of its details, such as:

• Any source address

• Any destination address

• Type of service

• An IPv4 address or an IPv6 address

• Any of the header fields

• Replace the destination port number

• Modify the source port number

In addition to crafting a unique packet, Scapy is also able to:

• Capture any Traffic

• Play or replay any traffic

• Scan for ports

• Discover networking devices

When it comes to an IP packet, it contains a header as well as a payload. The IP header itself contains:

• Version – specifies whether it's an IPv4 or IPv6 packet

• IHL – Internet Header Length

• QOS – Quality of Service

• Length – The length of the packet

• ID – Identification Tag

• Fragment Offset

• TTL – Time to Live

• Protocol – This is a type of protocol such as TCP or UDP

• Checksum – This is for error detection

• Source IP

• Destination IP

Each has a flag that can be changed, which is how you would manipulate the network. Once you are ready to implement a Christmas Tree attack, you would change those flags, setting them to zeros and ones so that the flag field looks like a Christmas tree.

A Christmas Tree attack would be used against networking devices at times when we aren't exactly sure what type of devices are on the network. Each networking device behaves in a certain way, so from its responses the attacker is able to identify what kind of device is being targeted on the network.

Christmas Tree attacks can harm networking devices in multiple ways. One of the most common is that the targeted device keeps rebooting itself every hour. For example, it would initiate a self-reboot at:

13:00 reboot > 13:07 system back up and running ok

14:07 reboot again > 14:14 system back up and running ok

15:14 reboot again > 15:21 system back up and running ok

And so on and so forth…

This can be very annoying: after basic troubleshooting, an average engineer would assume that the network is fine and that the issue lies in the hardware, in the form of a defective device.

To avoid being hit by Christmas Tree type attacks, big businesses have already invested in Intrusion Prevention Systems (IPSs) that help keep fake, crafted packets out of computer networks.
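
The kind of check an IPS or network sensor applies to spot these packets, as an added example that is not from the book: the bits that get "lit up" are the TCP control flags, with FIN, PSH and URG set together. The sample packets are constructed for illustration, and the names `tcp_flags`, `classify` and `scan` are assumptions of this sketch.

```python
import struct

# TCP control bits: the low six bits of byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG

def tcp_flags(packet: bytes):
    """Return the TCP flag bits of a raw IPv4 packet, or None if they cannot be read."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length in bytes; > 20 means IP options
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 6 or frag_offset != 0:
        return None                      # malformed, not TCP, or a non-first fragment
    if len(packet) < ihl + 14:
        return None                      # TCP header truncated before the flag byte
    return packet[ihl + 13] & 0x3F       # drop the ECN bits (CWR, ECE)

def classify(packet: bytes) -> str:
    flags = tcp_flags(packet)
    if flags is None:
        return "skip"
    # Classic probe: FIN+PSH+URG without ACK. "Fully lit" variant: all six bits set.
    if (flags & XMAS) == XMAS and (not (flags & ACK) or flags == 0x3F):
        return "xmas"
    return "ok"

# Constructed sample packets (192.0.2.1 -> 192.0.2.2, checksums left at zero)
_IP = "450000280001000040060000c0000201c0000202"
_TCP = "30390050" + "00" * 8 + "50{:02x}0400" + "00" * 4
SAMPLES = {
    "fin-psh-urg": bytes.fromhex(_IP + _TCP.format(0x29)),
    "all-flags": bytes.fromhex(_IP + _TCP.format(0x3F)),
    "psh-ack data": bytes.fromhex(_IP + _TCP.format(0x18)),
    "xmas behind ip options": bytes.fromhex("46" + _IP[2:] + "01010101" + _TCP.format(0x29)),
    "udp": bytes.fromhex(_IP[:18] + "11" + _IP[20:] + _TCP.format(0x29)),
    "later fragment": bytes.fromhex(_IP[:12] + "0005" + _IP[16:] + _TCP.format(0x29)),
    "truncated": bytes.fromhex(_IP + _TCP.format(0x29))[:30],
}

def scan(samples):
    """Map each sample name to its verdict: 'xmas', 'ok' or 'skip'."""
    return {name: classify(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:5} {name}")
```

The IP-options sample shows why the flag byte must be located from the IHL field rather than at a fixed offset: a filter that assumes a 20-byte IP header reads the wrong byte and misses the packet.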