Bugtraq mailing list archives
Re: IP spoofing vs tcp wrappers and netacl
From: avalon () coombs anu edu au (Darren Reed)
Date: Wed, 25 Jan 1995 10:23:52 +1100 (EDT)
Christopher Klaus says:Probably the best way to prevent IP spoofing attacks is to turn off all ip-based authenication services, ie rsh, rlogin are the main ones.Insufficient. If you can see at least part of the packet stream, you can session-steal. This makes a mockery of things like S/Key. Perry
Umm, to session steal (rather than hijack a connection as it is formed), I believe you need to `guess' ACK numbers for both directions of the TCP connection...ie if you can already see the packets whizzing by, then you are in a good position to steal a session... darren
Current thread:
- Re: IP spoofing vs tcp wrappers and netacl Christopher Klaus (Jan 24)
- Re: IP spoofing vs tcp wrappers and netacl Perry E. Metzger (Jan 24)
- Re: IP spoofing vs tcp wrappers and netacl Christopher Klaus (Jan 24)
- Re: IP spoofing vs tcp wrappers and netacl Perry E. Metzger (Jan 24)
- Re: IP spoofing vs tcp wrappers and netacl Darren Reed (Jan 24)
- Re: IP spoofing vs tcp wrappers and netacl Christopher Klaus (Jan 24)
- Re: IP spoofing vs tcp wrappers and netacl Pete Shipley (Jan 25)
- Re: IP spoofing vs tcp wrappers and netacl Perry E. Metzger (Jan 24)