Firewall Wizards mailing list archives
Re: Can a port be spoofed?
From: Chris Brenton <cbrenton () sover net>
Date: Sat, 03 Oct 1998 00:10:28 -0400
twalls - Troy Walls wrote:
> If a customer opens a dedicated port in their firewall and looks for a dedicated port from my firewall, is it likely to be spoofed? What is the level of difficulty?

I assume you are talking about a tunnel? A posture that accepts inbound traffic from only a specific IP address to a specific port number?

If so, this is classic man-in-the-middle. Since the IP address and port do not change, all an attacker has to find is the sequence numbers. I believe the archives of this list have quite a bit on doing sequence number prediction. The attacker would also need to know what kind of data needs to be injected but they may be able to derive this from the port number used, the contents of the data stream if encryption is not used, or via brute force attack.

So the short answer is yes it is possible, but don't expect to see this attack originating from grade-school.edu. ;)

The big question is whether there is anything on the other side of the firewall that would make it worth someone's while to go through this attack? This is a typical risk assessment issue.

Cheers,
Chris
--
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529
* Mastering Network Security
http://www.amazon.com/exec/obidos/ISBN%3D0782123430/002-0346046-8151850