Bugtraq mailing list archives
Re: address spoof/no return packets
From: cklaus () shadow net (Christopher Klaus)
Date: Mon, 23 Jan 1995 21:00:13 -0500 (EST)
CERT Advisory CA-95:01 states: "It is important to note that the described attack is possible even if no reply packets can reach the attacker." How can this be?
If you simulate a connection from trusted host and trusted account to something like the rsh port with the following command: echo "+ +" > .rhosts The attacker doesn't need to see the reply packets, but now he/she is able to rlogin/rsh in from anywhere. -- Christopher William Klaus Voice: (404)518-0099. Fax: (404)518-0030 Internet Security Systems, Inc. Computer Security Consulting 2209 Summit Place Drive, Atlanta, GA. 30350-2450.
Current thread:
- Re: address spoof/no return packets Christopher Klaus (Jan 23)
- Re: address spoof/no return packets Aleph One (Jan 24)