Firewall Wizards mailing list archives
Re: IP Spoofing.
From: Emiliano Kargieman <core.lists.firewall-wizards () core-sdi com>
Date: 1 Oct 1999 19:39:49 -0300
Robert Graham wrote:
The detection of who it was involved simply looking back through the router logs. For ISN prediction to work, you have to get the ISN. It's fairly easy to track back who retrieved the ISN previous to the one being predicted. Rob.
Not so easy, you can only track it down to somebody with the ability to sniff packets somewhere in the path the SYN+ACK packet took back. The SYN used for retrieving the ISN could also be spoofed. -- ===================[ CORE Seguridad de la Informacion S.A. ]======================= Emiliano Kargieman emiliano_kargieman () core-sdi com Director de Investigacion www.core-sdi.com Corelabs Pte. Juan D. Peron 315 Piso 4 UF 17 Buenos Aires, (1038). Argentina. Tel/Fax : +(54.11)43.31.54.02 =================================================================================== "When I was younger, I could remember anything, whether it had happened or not; but my faculties are decaying now and soon I shall be so I cannot remember any but the things that never happened. It is sad to go to pieces like this but we all have to do it." -- Mark Twain "La maxima adquisicion psicologica del mundo portenio es la absoluta insumision de las nuevas generaciones" -- Florencio Escardo --- For a personal reply use emiliano_kargieman () core-sdi com
Current thread:
- RE: IP Spoofing. Robert Graham (Oct 01)
- Using DHCP (was RE: IP Spoofing) Anton J Aylward (Oct 02)
- Re: Using DHCP (was RE: IP Spoofing) Joseph S D Yao (Oct 05)
- Re: IP Spoofing. Emiliano Kargieman (Oct 02)
- Using DHCP (was RE: IP Spoofing) Anton J Aylward (Oct 02)