Firewall Wizards mailing list archives
Re: Session hijacking, source-routes
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Wed, 10 Feb 1999 12:08:15 -0800
Can a TCP session be hijacked if the target system rejects source-routed IP packets?
Sure.
If I understand the process correctly, the attacker quells the legitimate client with a DOS attack
Yes.
and gets the server to route the packets to himself instead
Not neccessarily.
after having observed the proper sequence numbers to use.
Traffic has to already be coming his way to get the sequence numbers, usually.
If my f/w rejects all source-routed packets, are its connections immune to session hijacking,
No. The attacker could already be "in" the network path, and not have a need to re-route packets. The packets that really would need to be source-routed for a hijack would be the other end (your packets.) In general, the atacker can send packets from wherever he likes, and has no need to source-route his packets. Source-routing is most useful in current attacks to reach otherwise unreachable networks across the Internet (say, someone's internal 10.x.x.x network.) Dropping source-routed packets, as well as implementing anti-spoofing measures help with this. Ryan
Current thread:
- Session hijacking, source-routes Ken Hardy (Feb 10)
- Re: Session hijacking, source-routes Bennett Todd (Feb 10)
- Re: Session hijacking, source-routes Paul D. Robertson (Feb 10)
- Re: Session hijacking, source-routes Ken Hardy (Feb 11)
- Re: Session hijacking, source-routes Cohen Liota (Feb 11)
- <Possible follow-ups>
- Re: Session hijacking, source-routes Ryan Russell (Feb 10)