Vulnerability Development mailing list archives

Re: forged packets?


From: taylord () INFOSECURE COM AU (David Taylor)
Date: Tue, 26 Oct 1999 08:32:34 +0800


On Mon, 25 Oct 1999, Kelvin Fu wrote:

Forgive me if I'm asking a stupid question; this issue has been bothering
me for quite some time now. Anyhow, here goes.

Marc SCHAEFER recently sent a message titled 'Local user can send
forged packets' to bugtraq. I quote:

[snip]

AFAIK, a local user (root?) on a Linux system, if running nmap, is able
to perform decoy scans with the -D option. This option enables a user to
'spoof' his/her IP address to that of another host, which will result in
the spoofed IP appearing to be scanning the victim. If I'm not wrong,
doesn't this ability to be able to spoof IP addresses coincide with the
'user-rawip-attack' vulnerability addressed by Marc?

Kelvin,

nmap requires root in order to perform a -D scan.  The vulnerability that
Marc was telling us about was a condition where non-root users could gain
access to raw IP sockets, allowing them to send forged packets.  This is
generally considered to be a bad thing.

Regards,
Dave Taylor
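
The distinction drawn in the reply above, as an added example that is not part of the original thread: a host audit that opens and immediately closes a raw IP socket (nothing is sent) and reports a finding only when an unprivileged process succeeds. It assumes a current Linux kernel, where raw sockets are gated by CAP_NET_RAW (bit 13 of the CapEff mask in /proc/self/status) rather than by uid 0 alone; the function names and the sample status text are constructed for illustration.

```python
import os
import socket

CAP_NET_RAW = 13  # bit index of CAP_NET_RAW in Linux capability masks

# Constructed sample of /proc/<pid>/status content (not taken from the thread).
SAMPLE_STATUS = "Name:\tsh\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n"


def has_cap_net_raw(status_text):
    """True if the CapEff mask in /proc/<pid>/status text has CAP_NET_RAW set."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_NET_RAW) & 1)
    return False


def probe_raw_socket():
    """Open and immediately close a raw IP socket; nothing is sent."""
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    except PermissionError:
        return "denied"
    except OSError:
        return "unavailable"
    sock.close()
    return "opened"


def assess(euid, cap_net_raw, probe):
    """Classify a probe result against the privileges the process holds."""
    if probe == "unavailable":
        return "UNKNOWN: raw sockets unavailable on this host"
    if probe == "denied":
        return "OK: raw socket refused"
    if euid == 0 or cap_net_raw:
        return "EXPECTED: privileged process opened a raw socket"
    return "FINDING: unprivileged process opened a raw socket"


if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:
            cap = has_cap_net_raw(fh.read())
    except OSError:
        cap = False
    print(assess(os.geteuid(), cap, probe_raw_socket()))
```

Run it as an ordinary user account; any line starting with FINDING means the host hands raw sockets to a process that should not have them.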

