RE: RE: Session & IP Spoofing

From: Scovetta, Michael V (Michael.Scovetta_at_ca.com)
Date: 12/05/03

Next message: Tony Kava: "RE: john the ripper"

Previous message: Frank Knobbe: "Re: RE: Session & IP Spoofing"
Maybe in reply to: Scovetta, Michael V: "RE: Session & IP Spoofing"
Next in thread: Stephen de Vries: "Re: Session & IP Spoofing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 4 Dec 2003 18:30:06 -0500
To: "Nexus" <nexus@patrol.i-way.co.uk>, "pire pire" <pirepire69@romandie.com>, <pen-test@securityfocus.com>

True, but with the handshake can be spoofed if you're not on a
secure O/S. Michael Zalewski wrote a very good paper on sequence
number prediction:
http://razor.bindview.com/publish/papers/tcpseq.html

and that's really all you need to spoof it, and maybe
a router on your end that doesn't care about the source
IPs being incorrect.

Michael Scovetta

-----Original Message-----
From: Nexus [mailto:nexus@patrol.i-way.co.uk]
Sent: Thursday, December 04, 2003 10:46 AM
To: pire pire; pen-test@securityfocus.com
Subject: Re: RE: Session & IP Spoofing

----- Original Message -----
From: "pire pire" <pirepire69@romandie.com>
To: <MThompson@brinkster.com>; <pen-test@securityfocus.com>
Sent: Thursday, December 04, 2003 9:54 AM
Subject: RE: RE: Session & IP Spoofing

> No I don't care about the return traffic! All I
> need is to sen I GET request with a spoofed IP!

But you would also need to spoof the TCP 3-way handshake before you can even
send the HTTP GET request, which is um..... non-trivial ;-)

Cheers.

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Tony Kava: "RE: john the ripper"

Previous message: Frank Knobbe: "Re: RE: Session & IP Spoofing"
Maybe in reply to: Scovetta, Michael V: "RE: Session & IP Spoofing"
Next in thread: Stephen de Vries: "Re: Session & IP Spoofing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: SChannel - Client Renegotiation Request Malformed
... Handshake Protocol: Hello Request ... If the message has not been decrypted, or if the decryption doesn't work correctly for some reason, then getting bogus values for these fields is not surprising. ... then issues its response also as an Encrypted Handshake Message. ...
(microsoft.public.platformsdk.security)
Re: CT is BAAAAAACK.......8590 stuff (sort of)
... now I get immediate response from a request. ... connections are different, ... changed the handshake to software and the early serial cable should have ...
(comp.sys.ibm.ps2.hardware)
Question about TCP/IP and SSL with sslstream
... I am using vb.net 2005 on SSL connection to a remoted server based on TCP/IP. ... Handshake is done successfully. ... The request I am going to send, is it automatically encrypted and signed? ...
(microsoft.public.dotnet.security)
Re: Hello Request
... Have done a initial handshake for a request from a client without ... authentication for the next request from the same client but it uses ...
(comp.os.linux.security)