Firewall Wizards mailing list archives
Re: IP Spoofing.
From: Randy Witlicki <randy.witlicki () valley net>
Date: Tue, 28 Sep 1999 21:29:24 -0400
In the original blind IP spoofing (Mitnick, etc.) you had two big holes: - Predictable initial TCP sequence numbers, and; - Trust (as in /.rhosts) with no security perimeter. In the classic way of doing it, you do a "echo X.X.X.X > /.rhosts" as an rsh command in blind IP spoofing and then your host (X.X.X.X) is now trusted and you are free to rlogin, etc. (assuming there is no security perimeter). In a prudent setup with both cryptographically strong initial TCP sequence numbers (you don't need OpenBSD here, but it helps), and a good security perimeter, you should be immune from the "classic" attack. So, the original poster's boss may be correct, if he is refering to blind spoofing and he has a strong OS with prudent perimeter security. - Randy -
Sorry, but your boss is wrong. Get web ferret (it's free) and search for IP spoofing. Why would they call it IP spoofing if you couldn't spoof an IP address? You typicall have to do it blindly (thus the expression "blind spoofing"), IOW, you spoof a host, but do not get the response, you guess or assume the response and proceed accordingly. Also look up session hi-jacking. Carric Dooley CNE COM2:Interactive Media http://www.com2usa.com "In theory, there is no difference between theory and practice. But, in practice, there is. " - Jan L.A. van de Snepscheut On Fri, 17 Sep 1999, Christopher C. Petro wrote:Ok, this is probably not the kind of request that most of you will want to answer, but I just got in an argument with my boss about IP spoofing. He claims it is not possible to spoof an IP number, whilst I am almost certain it is. Could anyone provide me with a link or pointer to information that I could use to prove him wrong, or to information that proves me wrong? Thanks. -- We have only come here seeking knowledge Things they would not teach us of in college.--The Police http://www.atypon.com petro () atypon com
Current thread:
- IP Spoofing. Christopher C. Petro (Sep 18)
- Re: IP Spoofing. William Stearns (Sep 19)
- Re: IP Spoofing. Tim Kramer (Sep 20)
- RE: IP Spoofing. Joseph Williams (Sep 20)
- Re: IP Spoofing. altellez (Sep 21)
- Re: IP Spoofing. Carric Dooley (Sep 28)
- Re: IP Spoofing. Randy Witlicki (Sep 29)
- Re: IP Spoofing. Paul D. Robertson (Sep 30)
- Re: IP Spoofing. Peter J. Kunz (Sep 30)
- Re: IP Spoofing. Ivan Arce (Sep 30)
- Re: IP Spoofing. Emiliano Kargieman (Sep 30)
- RE: IP Spoofing. Kurt Buff (Sep 30)
- RE: IP Spoofing. Rick Smith (Sep 30)
- Re: IP Spoofing. Randy Witlicki (Sep 29)
- <Possible follow-ups>
- Re: IP Spoofing. Steven M. Bellovin (Sep 19)
- Re: IP Spoofing. Robert Graham (Sep 21)