RE: RE: Session & IP Spoofing

From: Scovetta, Michael V (Michael.Scovetta_at_ca.com)
Date: 12/05/03

    Date: Thu, 4 Dec 2003 18:30:06 -0500
    To: "Nexus" <nexus@patrol.i-way.co.uk>, "pire pire" <pirepire69@romandie.com>, <pen-test@securityfocus.com>

    True, but the handshake can be spoofed if you're not on a
    secure O/S. Michal Zalewski wrote a very good paper on sequence
    number prediction:
       http://razor.bindview.com/publish/papers/tcpseq.html

    and that's really all you need to spoof it, and maybe
    a router on your end that doesn't care about the source
    IPs being incorrect.

    Michael Scovetta

    -----Original Message-----
    From: Nexus [mailto:nexus@patrol.i-way.co.uk]
    Sent: Thursday, December 04, 2003 10:46 AM
    To: pire pire; pen-test@securityfocus.com
    Subject: Re: RE: Session & IP Spoofing

    ----- Original Message -----
    From: "pire pire" <pirepire69@romandie.com>
    To: <MThompson@brinkster.com>; <pen-test@securityfocus.com>
    Sent: Thursday, December 04, 2003 9:54 AM
    Subject: RE: RE: Session & IP Spoofing

    > No I don't care about the return traffic! All I
    > need is to send a GET request with a spoofed IP!

    But you would also need to spoof the TCP 3-way handshake before you can even
    send the HTTP GET request, which is um..... non-trivial ;-)

    Cheers.
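The two conditions Scovetta names, a guessable server ISN and an upstream router that forwards forged source addresses, as an added Python model that is not code from the thread or from the Zalewski paper. The toy listener, its fixed 64000 step, the trial count and the addresses are constructed assumptions.

```python
import os
import ipaddress

WRAP = 0xFFFFFFFF


class ToyListener:
    """Model of a TCP listener: remembers the ISN it chose for each half-open
    connection and accepts the third packet only if its ACK number is ISN+1.
    The SYN-ACK carrying that ISN goes to the claimed source address, so a
    sender that forged the address never sees it and has to guess."""

    def __init__(self, random_isn):
        self.random_isn = random_isn
        self._counter = 0x1000          # state of the predictable generator
        self.half_open = {}             # (ip, port) -> ISN chosen for that SYN

    def _choose_isn(self):
        if self.random_isn:
            return int.from_bytes(os.urandom(4), "big")  # unguessable, RFC 6528 style
        self._counter = (self._counter + 64000) & WRAP   # fixed step per connection
        return self._counter

    def on_syn(self, client):
        self.half_open[client] = self._choose_isn()
        return self.half_open[client]   # the ISN carried in the SYN-ACK sent to client

    def on_ack(self, client, ack_number):
        isn = self.half_open.pop(client, None)
        return isn is not None and ack_number == (isn + 1) & WRAP


def blind_completion_rate(random_isn, trials=200):
    """Fraction of handshakes completed by a party that sees one legitimate
    SYN-ACK and then extrapolates 'last ISN + 64000' for later SYNs whose
    SYN-ACKs it cannot observe (the forged-source case from the thread)."""
    srv = ToyListener(random_isn)
    seen = srv.on_syn(("auditor", 40000))           # one legitimate connection
    srv.on_ack(("auditor", 40000), (seen + 1) & WRAP)
    wins = 0
    for i in range(trials):
        peer = ("forged-src", 50000 + i)
        srv.on_syn(peer)                             # SYN-ACK goes to forged-src
        guess = (seen + 64000 * (i + 1)) & WRAP
        wins += srv.on_ack(peer, (guess + 1) & WRAP)
    return wins / trials


def ingress_filter_drops(src_ip, customer_prefixes):
    """BCP 38 style check for the router the message mentions: drop any packet
    whose source address is not inside the prefixes assigned to that link."""
    src = ipaddress.ip_address(src_ip)
    return not any(src in ipaddress.ip_network(p) for p in customer_prefixes)
```

With the stepping generator every blind guess lands (rate 1.0); with random ISNs the rate is effectively zero, which is the whole value of the mitigation.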


