
I have seen the SYN flooding packet source code.

But in there, there is nothing about making the Ethernet packet.

Why doesn't the source code manipulate the Ethernet header? Why are just TCP (it should be manipulated) and IP (it should be also) manipulated?

If the Ethernet header is not manipulated, the kernel automatically makes the Ethernet header's source address the attacker's MAC address. So the victim can know the source MAC address, but not the IP address (because the IP address is randomized when sending the SYN packet to the victim).

Jonathan Leffler
A.Cho
  • Good question, although all the stuff about hacking is really irrelevant I think? (The question being "When I'm using a raw socket, why do I need to send the TCP and IP headers but not the Ethernet header?") – user253751 Jan 11 '16 at 06:54
  • Good question, but I think you answered it yourself? You might want to look at [this](https://gist.github.com/austinmarton/1922600) –  Jan 11 '16 at 06:57
  • Hmm. I mean if the attacker doesn't manipulate the Ethernet header, then the victim can know the attacker's MAC address. So why doesn't the attacker manipulate the source MAC address with a randomized MAC address? – A.Cho Jan 11 '16 at 07:06
  • The victim will know the MAC address of the attacker ONLY if the packet does not pass through a router (i.e., only if they are on the same LAN). – John Hascall Jan 11 '16 at 08:24

1 Answer


A MAC address is only valid inside the same LAN, and will be changed through gateways. So there is no way the victim can know the source MAC.

But your gateway can know the source MAC; since it is your gateway, it is very easy to track you down even if you change your source MAC.

So it is meaningless to change your source MAC.

Zang MingJie
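What the receiving side of this looks like, as an added example that is not part of the answer or of the code the question refers to: it parses captured Ethernet/IPv4/TCP frames and counts how many distinct IP source addresses arrive behind each Ethernet source address. The frames, MAC addresses and IP addresses are constructed sample data; on a routed path the busy MAC is simply the last-hop gateway, while on the same LAN it is the sending host itself, whatever the IP source field claims.

```python
import struct
from collections import defaultdict

def build_frame(src_mac, src_ip, syn=True):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    eth = bytes.fromhex("020000000001" + src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50,
                      0x02 if syn else 0x10, 1024, 0, 0)
    return eth + ip + tcp

def parse_syn(frame):
    """Return (source MAC, source IP) for an initial TCP SYN over IPv4, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":     # too short or not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                           # IPv4 header length
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:  # protocol 6 = TCP
        return None
    if len(frame) < 14 + ihl + 14:                         # TCP flags byte missing
        return None
    if frame[14 + ihl + 13] & 0x12 != 0x02:                # want SYN set, ACK clear
        return None
    mac = ":".join(f"{b:02x}" for b in frame[6:12])        # Ethernet source address
    ip = ".".join(str(b) for b in frame[26:30])            # IPv4 source address
    return mac, ip

def ips_per_mac(frames):
    """Count distinct IPv4 sources of SYNs behind each Ethernet source address."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_syn(frame)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    return {mac: len(ips) for mac, ips in seen.items()}

# Constructed capture: one MAC delivers SYNs with five different source IPs,
# another host sends one SYN and one ACK from a single IP.
NEXT_HOP = "02:00:00:00:00:fe"   # assumed: the gateway, or a spoofing host on the LAN
CLIENT = "02:00:00:00:00:22"
SAMPLE = [build_frame(NEXT_HOP, ip) for ip in
          ("198.51.100.7", "198.51.100.90", "203.0.113.4", "203.0.113.200", "192.0.2.77")]
SAMPLE += [build_frame(CLIENT, "192.0.2.50"), build_frame(CLIENT, "192.0.2.50", syn=False)]

if __name__ == "__main__":
    for mac, count in ips_per_mac(SAMPLE).items():
        print(f"{mac}: {count} distinct source IP(s)")
```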