Re: IP Spoofing.

[Emiliano Kargieman <core.lists.firewall-wizards () core-sdi com>]

Robert Graham wrote:

> The detection of who it was involved simply looking back through the router
> logs. For ISN prediction to work, you have to get the ISN. It's fairly easy to
> track back who retrieved the ISN previous to the one being predicted.
>
> Rob.

Not so easy, you can only track it down to somebody with the ability to sniff
packets somewhere in the path the SYN+ACK packet took back.
The SYN used for retrieving the ISN could also be spoofed.


--
===================[ CORE Seguridad de la Informacion S.A. ]=======================

Emiliano Kargieman                                  emiliano_kargieman () core-sdi com

Director de Investigacion                                          www.core-sdi.com

Corelabs
Pte. Juan D. Peron 315 Piso 4 UF 17
Buenos Aires, (1038). Argentina.                      Tel/Fax : +(54.11)43.31.54.02

===================================================================================

"When I was younger, I could remember anything, whether it had happened or not;
 but my faculties are decaying now and soon I shall be so I cannot remember any
 but the things that never happened. It is sad to go to pieces like this but we all

 have to do it." -- Mark Twain

"La maxima adquisicion psicologica del mundo portenio es la absoluta insumision de
las
nuevas generaciones" -- Florencio Escardo



--- For a personal reply use emiliano_kargieman () core-sdi com