Firewall Wizards mailing list archives
RE: IP Spoofing.
From: Robert Graham <robert_david_graham () yahoo com>
Date: Thu, 30 Sep 1999 20:14:46 -0700 (PDT)
Many years ago, Shimomura posted an account of this to the NetSys firewall mailing list. It was fascinating reading, so I put a copy on my site. A link to it is here:
http://www.robertgraham.com/mirror/shimomura-spoofing.html

The IP spoofing carried out wasn't to "anonymize" the activity, but simply to subvert a trust relationship with an X terminal. It used TCP seqno prediction and a sort of SYN flood against the spoofee to prevent it from tearing down the connection. It really was the "classic" spoofing attack.

The detection of who it was involved simply looking back through the router logs. For ISN prediction to work, you have to get the ISN. It's fairly easy to track back who retrieved the ISN previous to the one being predicted.

Rob.

--- Rick Smith <rick_smith () securecomputing com> wrote:
> At 09:08 PM 9/29/99 -0700, Kurt Buff wrote:
> > Chapter 1 describes Mitnick's compromise of Shimomura's system via Syn flooding and IP spoofing.
>
> When working on Internet Cryptography, one reviewer challenged me on a third hand report I included of Mitnick's activities. Does anyone have a reference that explicitly ties Shimomura's penetration to Mitnick? Is that in Shimomura's book? ("Takedown" ??)
>
> I admit I've been trying to avoid Shimomura's book since reports made it sound too much like James Bond wannabe stuff. On the other hand, I really enjoyed Victor Sheymov's "Tower of Secrets," and that's probably just a compendium of every cool story he'd ever heard that was unlikely to be in US reports (plus, I suppose, the story of his CIA sponsored escape).
>
> Rick.
> smith () securecomputing com
> "Internet Cryptography" at http://www.visi.com/crypto/
=====
Robert Graham
"Anxiously awaiting the millennium so I can start programming dates with 2-digits again."
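
The log review described in the message above, as an added example that is not part of the original post: it scans flow records for sources that sent repeated SYNs to the target just before a session claiming the trusted host's address, and checks for a SYN burst at the trusted host. The record format, addresses, time window and thresholds are all assumptions constructed for illustration.

```python
from collections import Counter

TRUSTED, TARGET = "192.0.2.1", "192.0.2.10"  # constructed addresses

def build_sample_flows():
    """Constructed records: (time_s, src, dst, dport, tcp_flags)."""
    flows = [(50.0, "198.51.100.20", TARGET, 23, "S")]            # old, unrelated
    flows += [(100 + i * 0.05, f"10.9.8.{i}", TRUSTED, 513, "S")   # SYN burst at trusted host
              for i in range(30)]
    flows += [(103 + i * 0.5, "203.0.113.5", TARGET, 514, "S")     # repeated ISN sampling
              for i in range(20)]
    flows += [(110.0, "198.51.100.44", TARGET, 514, "S"),          # single ordinary client
              (114.0, TRUSTED, TARGET, 514, "S")]                  # session claiming trusted src
    return sorted(flows)

def suspect_session_time(flows, trusted, target):
    """Time of the first SYN that claims to come from the trusted host."""
    return next(t for t, src, dst, _, fl in flows
                if src == trusted and dst == target and fl == "S")

def isn_samplers(flows, trusted, target, window=30.0, min_syns=5):
    """Sources that sent repeated SYNs to the target shortly before the suspect session."""
    t0 = suspect_session_time(flows, trusted, target)
    counts = Counter(src for t, src, dst, _, fl in flows
                     if dst == target and fl == "S" and src != trusted
                     and t0 - window <= t < t0)
    return [(src, n) for src, n in counts.most_common() if n >= min_syns]

def trusted_host_flooded(flows, trusted, target, window=30.0, threshold=20):
    """True if the trusted host took a SYN burst just before the suspect session."""
    t0 = suspect_session_time(flows, trusted, target)
    syns = sum(1 for t, _, dst, _, fl in flows
               if dst == trusted and fl == "S" and t0 - window <= t < t0)
    return syns >= threshold

if __name__ == "__main__":
    flows = build_sample_flows()
    print(isn_samplers(flows, TRUSTED, TARGET))
    print(trusted_host_flooded(flows, TRUSTED, TARGET))
```

The source that sampled ISNs has to use a routable address to see the replies, which is why it stands out in the logs while the flood sources do not.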