Re: ACK Tunneling

From: L. Walker (k_aneda@yahoo.com)
Date: 04/02/02


From: "L. Walker" <k_aneda@yahoo.com>
Date: Tue, 2 Apr 2002 21:24:43 +1000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 2 Apr 2002, Lurgee wrote:

> Is this something to be concerned about or not?
>
> Read an interesting page earlier <http://ntsecurity.nu/papers/acktunneling/>
>
> Whilst the theory sounds applicable, how is it possible for communication to
> be valid using strictly ACK segments?
> Can it be done?
>
> If it's indeed an accurate paper, and the physical implementation is
> possible - are firewall vendors taking it into consideration?
> This *could* be a very dangerous exploit technique for further trojans.
>
> TIA.
>

It is possible, I suppose. I haven't looked into it much, but I remember a
tarball on packetstorm used for setting up a client and server to bypass a
Cisco router, because at the time the ACL only checked establishing TCP
packets (with SYN packet set). Packetstorm->assessment->cisco, shouldn't
be too hard to find. Hope I've been of some help. :)

- --
L. Walker
NOTICE: By spamming this account or scanning the IP address that this message
was sent from, you consent to a free and unrestricted security audit.
- --
If one wants to be a policeman, one must learn how to be a thief.
- --
That's why we spend so much time trying to understand our own motivations
and those of others. That's what makes life so interesting.
   Kaji, Evangelion Ep 18
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8qZUABJ6saYuOFLgRArUTAJ47KnGO1DwsAG//dgmOmpmh5ql5lwCfexUg
QKRYuu5Dp6Bu8NpM66Fzwn8=
=18do
-----END PGP SIGNATURE-----
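
Added example (not part of the original post or of the referenced paper): a small Python model of the gap the reply describes, a filter that only checks for SYN on inbound segments beside one that tracks connection state, run over constructed packet records. The addresses, the `Pkt` record and both filters are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet records for illustration; flags use S=SYN, A=ACK.
Pkt = namedtuple("Pkt", "src sport dst dport flags")
INSIDE = "10.0.0."  # assumed internal address prefix

def is_inside(addr):
    return addr.startswith(INSIDE)

def stateless_acl(pkt):
    """Inbound filter that only looks for connection-opening segments.
    A bare SYN from outside is dropped; every other segment is assumed to
    belong to an existing connection and passes."""
    inbound = is_inside(pkt.dst) and not is_inside(pkt.src)
    return not (inbound and pkt.flags == "S")

class StatefulFilter:
    """Tracks flows opened from inside; inbound segments must match one."""
    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if is_inside(pkt.src):
            if pkt.flags == "S":
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def unsolicited(packets):
    """Packets the SYN-only filter passes but state tracking rejects:
    the segments worth logging or alerting on."""
    stateful = StatefulFilter()
    hits = []
    for p in packets:
        tracked = stateful.check(p)  # always evaluate to keep state current
        if stateless_acl(p) and not tracked:
            hits.append(p)
    return hits

SAMPLE = [
    Pkt("10.0.0.5", 40000, "198.51.100.7", 80, "S"),   # outbound connection opens
    Pkt("198.51.100.7", 80, "10.0.0.5", 40000, "SA"),  # legitimate reply
    Pkt("203.0.113.9", 80, "10.0.0.8", 1234, "A"),     # ACK with no prior flow
    Pkt("203.0.113.9", 4444, "10.0.0.8", 22, "S"),     # inbound SYN
]

if __name__ == "__main__":
    for p in unsolicited(SAMPLE):
        print("no matching flow:", p)
```

Only the third record is reported: the SYN-only check lets it through because it carries no SYN, while the state table has no flow it could belong to.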

