[Fwd: Re: Real connection spoofing (Firewall Tester)]
From: Burak DAYIOGLU (dayioglu@metu.edu.tr)
Date: 09/27/01
Message-ID: <3BB2BEC4.40EBF9A1@metu.edu.tr>
Date: Thu, 27 Sep 2001 08:53:08 +0300
From: Burak DAYIOGLU <dayioglu@metu.edu.tr>
To: pen-test@securityfocus.com
Subject: [Fwd: Re: Real connection spoofing (Firewall Tester)]

Andrea Barisani wrote:
> Client (ftest.pl) ---> Firewall ---> Sniffer (ftestd.pl)
> 1 - The client (ftest.pl) sends a SYN packet with a custom payload
> (Question: is inserting data in a SYN packet legal?)
Data is allowed. If the receiving party supports T/TCP, it may save
the data to be used after the three-way handshake. If the receiving party
does not support T/TCP, data will simply be discarded without any
notification to the sender.
> The problem is that between step 2 and step 3 the spoofed address will
> send a valid RST back to the sniffer, the firewall will see it and we
> can't proceed.
I didn't understand this point. If the spoofed source address for the
connection is on the sniffer side of the connection, you shouldn't
expect a reply back unless the firewall is in bridging mode.
cheers.
--
Burak DAYIOGLU
Phone: +90 312 2103379 Fax: +90 312 2103333
http://www.dayioglu.net
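
Added example, not part of the original message or of the ftest tool: a receive-side check that recognises the case discussed above, an initial SYN segment that carries data. The addresses, ports and the helper names `build_packet` and `syn_payload` are constructed for this illustration.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10

def build_packet(flags, payload=b"", options=b""):
    """Constructed IPv4+TCP test packet (documentation addresses, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0,
                      (5 + len(options) // 4) << 4, flags, 8192, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
    return ip + tcp + payload

def syn_payload(packet):
    """Return the data carried by an initial SYN (SYN set, ACK clear), else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                      # not IPv4 carrying TCP
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    frag = struct.unpack("!H", packet[6:8])[0]
    if ihl < 20 or total_len > len(packet) or frag & 0x1FFF:
        return None                      # malformed, truncated, or non-first fragment
    tcp = packet[ihl:total_len]          # honour IP total length: drops link-layer padding
    if len(tcp) < 20:
        return None
    data_off = (tcp[12] >> 4) * 4        # TCP header length, options included
    if data_off < 20 or data_off > len(tcp):
        return None
    if tcp[13] & SYN and not tcp[13] & ACK:
        return tcp[data_off:] or None    # bytes after the header are the SYN's data
    return None

if __name__ == "__main__":
    print(syn_payload(build_packet(SYN, b"ftest-probe")))
    print(syn_payload(build_packet(SYN, options=b"\x02\x04\x05\xb4")))
```

TCP options and trailing frame padding are excluded from the result, so a plain SYN with an MSS option is not reported as carrying data.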