RE: hijacking TCP connections on FreeBSD

From: Ryan Permeh (ryan@eeye.com)
Date: 07/09/02


From: "Ryan Permeh" <ryan@eeye.com>
To: <elan@compiled.org>, <vuln-dev@securityfocus.com>
Date: Tue, 9 Jul 2002 10:53:32 -0700

By using a man-in-the-middle attack, you can do this. You simply need to be
on the route between the host and the computer. I believe dsniff does this.
Also, you may be able to do it non-blindly, on the same network segment as
the FreeBSD machine, by sniffing and injecting packets, but there is more
possibility of interference at that point.

A protection against this is to encrypt your traffic so that neither MITM
attacks nor injection attacks can adequately interrupt the packet stream.

Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer
http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities

-----Original Message-----
From: Elan Hasson [mailto:elan@compiled.org]
Sent: Monday, July 08, 2002 9:49 PM
To: vuln-dev@securityfocus.com
Subject: hijacking TCP connections on FreeBSD

(I'm not sure if this is the correct list for this post)

Is it possible to hijack established TCP connections on FreeBSD? If so, how?
Any programs in existence that do this already?

--Elan Hasson
http://www.compiled.org -- The programmer's resource.
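
Added example, not part of the original thread: a toy record layer showing why a cryptographically protected transport (SSH and TLS work this way) rejects data injected into the TCP stream. It shows only the integrity half, an HMAC over each record plus an implicit sequence number, not confidentiality. `RecordChannel`, the payloads and the key are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


class RecordChannel:
    """One direction of a toy authenticated record layer (hypothetical)."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0  # implicit sequence number, never sent on the wire

    def _tag(self, seq: int, payload: bytes) -> bytes:
        msg = struct.pack("!QI", seq, len(payload)) + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def seal(self, payload: bytes) -> bytes:
        record = payload + self._tag(self.seq, payload)
        self.seq += 1
        return record

    def open(self, record: bytes) -> bytes:
        if len(record) < TAG_LEN:
            raise ValueError("short record")
        payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(self.seq, payload)):
            raise ValueError("bad MAC: injected, modified or replayed record")
        self.seq += 1  # advance only after a record verifies
        return payload


def demo() -> dict:
    key = os.urandom(32)  # constructed; real protocols derive it in a key exchange
    sender, receiver = RecordChannel(key), RecordChannel(key)
    first = sender.seal(b"ls -l")
    results = {"genuine": receiver.open(first)}
    # Constructed wire data from a party that can write to the stream but has no key.
    forged = b"echo injected" + os.urandom(TAG_LEN)
    tampered = bytearray(sender.seal(b"cat notes.txt"))
    tampered[0] ^= 0x01
    cases = (("forged", forged), ("replayed", first), ("tampered", bytes(tampered)))
    for name, record in cases:
        try:
            receiver.open(record)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results
```

Without such a check the receiver accepts any segment whose TCP sequence numbers fit, which is why the same-segment sniff-and-inject case works against plaintext sessions.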


