Firewall Wizards mailing list archives
Re: IP Spoofing.
From: "Peter J. Kunz" <pkunz () icu unizh ch>
Date: Thu, 30 Sep 1999 16:56:31 +0200
Randy Witlicki wrote:
In the original blind IP spoofing (Mitnick, etc.) you had two big holes:
- Predictable initial TCP sequence numbers, and;
- Trust (as in /.rhosts) with no security perimeter.
In the classic way of doing it, you do a "echo X.X.X.X > /.rhosts" as an rsh command in blind IP spoofing and then your host (X.X.X.X) is now trusted and you are free to rlogin, etc. (assuming there is no security perimeter).
Uhm, wouldn't you need access authority to have rsh work on the remote host?...
In a prudent setup with both cryptographically strong initial TCP sequence numbers (you don't need OpenBSD here, but it helps), and a good security perimeter, you should be immune from the "classic" attack.
I notice in nmap there are different values for TCP prediction. Anyone care to elaborate what the different techniques are and why guessing on some is harder than others (apart from crypto, of course :-)) )? Btw, on what kinds of number prediction does that network tool for Solaris work on - I think it's IP-Watch. It allows you to hijack a TCP session.
Could anyone provide me with a link or pointer to information that I could use to prove him wrong, or to information that proves me wrong?
Bellovin's '89 or '93 paper (Computer Communications Review, perhaps at att.com) or Morris's '85 paper http://www.eecs.harvard.edu/~rtm/papers.html

cu -pete
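Added example, not part of the thread or written by any of its posters: a small model contrasting a global-counter ISN generator with an RFC 6528-style keyed generator, to show why per-connection keyed offsets close the predictable-sequence-number hole discussed above. All class and function names, the addresses (documentation ranges) and the step/tick values are constructed assumptions; HMAC-SHA256 stands in for the RFC's hash function F.

```python
import hashlib
import hmac
import os
import socket
import struct

MOD = 2 ** 32  # TCP sequence numbers are 32-bit


class CounterISN:
    """Constructed model of a legacy stack: one global counter, fixed step per connection."""

    def __init__(self, step=64000):
        self.step, self.counter = step, 0

    def isn(self, src, sport, dst, dport):
        self.counter = (self.counter + self.step) % MOD
        return self.counter


class KeyedISN:
    """RFC 6528 style: ISN = M + F(4-tuple, secret). HMAC-SHA256 stands in for F."""

    def __init__(self, secret=None, tick=250):
        self.secret = secret or os.urandom(16)
        self.tick, self.clock = tick, 0  # simulated timer M, advanced per call

    def isn(self, src, sport, dst, dport):
        self.clock = (self.clock + self.tick) % MOD
        tup = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!HH", sport, dport)
        digest = hmac.new(self.secret, tup, hashlib.sha256).digest()
        offset = struct.unpack("!I", digest[:4])[0]  # per-connection secret offset
        return (self.clock + offset) % MOD


def predictable_across_hosts(gen):
    """True if ISNs handed to one client reveal the ISN issued to a different client."""
    server, observer, trusted = "192.0.2.10", "198.51.100.7", "192.0.2.20"
    seen = [gen.isn(observer, 1023, server, 514) for _ in range(3)]
    step = (seen[2] - seen[1]) % MOD          # increment visible to the observer
    guess = (seen[2] + step) % MOD            # extrapolated next value
    actual = gen.isn(trusted, 1023, server, 514)  # ISN for the trusted host's 4-tuple
    return guess == actual


if __name__ == "__main__":
    print("global counter predictable:", predictable_across_hosts(CounterISN()))
    print("keyed offset predictable:  ", predictable_across_hosts(KeyedISN()))
```

In the keyed model the timer is still perfectly regular, so ISNs for a single 4-tuple keep increasing as TCP expects; only the offset between different 4-tuples is hidden behind the secret.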