RE: hijacking TCP connections on FreeBSD

From: Ryan Permeh (ryan@eeye.com)
Date: 07/09/02


From: "Ryan Permeh" <ryan@eeye.com>
To: <elan@compiled.org>, <vuln-dev@securityfocus.com>
Date: Tue, 9 Jul 2002 10:53:32 -0700

by using a man in the middle attack, you can do this. You simply need to be
on the route between the host and the computer. I believe dsniff does this.
Also, you may be able to do it non blindly, on the same network segment as
the freebsd machine by sniffing and injecting packets, but there is more
possibility of interference at that point.

A protection against this is to encrypt your traffic so that neither mitm
attacks nor injection attacks can adequately interrupt the packet stream.

Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer
http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities

-----Original Message-----
From: Elan Hasson [mailto:elan@compiled.org]
Sent: Monday, July 08, 2002 9:49 PM
To: vuln-dev@securityfocus.com
Subject: hijacking TCP connections on FreeBSD

(I'm not sure if this is the correct list for this post)

Is it possible to hijack established tcp connections on FreeBSD? if so, how?
any programs in existence that do this already?

--Elan Hasson
http://www.compiled.org -- The programmer's resource.