Penetration Testing mailing list archives
Re: [PEN-TEST] Exploiting sequence number predictability
From: Iván Arce <core.lists.pentest () CORE-SDI COM>
Date: Tue, 22 Aug 2000 22:27:10 -0300
"Todd, George" wrote:
My two cents on blind tcp spoofing: There are several factors that lead to the impracticality of blind tcp spoofing now days. The first, and by far the most difficult, is that most operatings systems pull entries from the entropy pool for the ISN. Thus making it all but impossible to predict with any certainty the next ISN. A possible work-around to this (aside from targeting weak OS's) is to
There is no need to _predict_ the ISN for doing TCP spoofing, at least not under certain conditions... See http://www.nai.com/nai_labs/asp_set/advisory/07_tcpspoofing_adv.asp -ivan -- "Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, It's nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce ==================[ CORE Seguridad de la Informacion S.A. ]========= Iván Arce Presidente PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A email: iarce () core-sdi com http://www.core-sdi.com Pte. Juan D. Peron 315 Piso 4 UF 17 1038 Capital Federal Buenos Aires, Argentina. Tel/Fax : +(54-11) 4331-5402 Casilla de Correos 877 (1000) Correo Central ===================================================================== --- For a personal reply use iarce () core-sdi com
Current thread:
- Re: [PEN-TEST] Exploiting sequence number predictability, (continued)
- Re: [PEN-TEST] Exploiting sequence number predictability Bill Casti, CQA (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Erik Tayler (Aug 23)
- Re: [PEN-TEST] Exploiting sequence number predictability Bill Casti, CQA (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Marshall Beddoe (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability l0rtamus prime (Aug 21)
- [PEN-TEST] Online Security Vulnerability Services Teicher, Mark (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Ben Lull (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Hiromi Yanaoka (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Riley Hassell (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Jose Nazario (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Todd, George (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Iván Arce (Aug 23)
- Re: [PEN-TEST] Exploiting sequence number predictability Jean-Simon Durand (Aug 22)
- Re: [PEN-TEST] Exploiting sequence number predictability Pedro Quintanilha (Aug 23)
- Re: [PEN-TEST] Exploiting sequence number predictability Haroon Meer (Aug 22)