"Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s), etc." - Curt Wilson in Global Incident Analysis Center Detects Report (SANS Institute - Nov 2000)
[Feb 3 2003]
After a year and a half in hiatus, a new version of Nemesis is nearly complete. The current codebase has been almost entirely rewritten and all that remains before a full release of 1.4 is to complete the updates to the RIP protocol injector and to rewrite the OSPF injector. Rather than make users wait any longer, these beta versions available in the meantime.
Send TCP packet (SYN/ACK) with payload from file 'foo' to target's ssh port from 192.168.1.1 to 192.168.2.2. (-v allows a stdout visual of current injected packet)
send UDP packet from 10.11.12.13:11111 to 10.1.1.2's name-service port with a payload read from a file 'bindpkt'. (again -v is used in order to see confirmation of our injected packet)
send ICMP REDIRECT (network) packet from 10.10.10.3 to 10.10.10.1 with preferred gateway as source address. Here we want no output to go to stdout - which would be ideal as a component in a batch job via a shell script.
send ARP packet through device 'ne0' (eg. my OpenBSD pcmcia nic) from hardware source address 00:01:02:03:04:05 with IP source address 10.11.30.5 to destination IP address 10.10.15.1 with broadcast destination hardware address. In other words, who-has the mac address of 10.10.15.1, tell 10.11.30.5 - assuming 00:01:02:03:04:05 is the source mac address of our 'ne0' device.