Firewall Wizards mailing list archives

Re: IP Spoofing.


From: Randy Witlicki <randy.witlicki () valley net>
Date: Tue, 28 Sep 1999 21:29:24 -0400


  In the original blind IP spoofing (Mitnick, etc.) you had two
big holes:
   - Predictable initial TCP sequence numbers, and;
   - Trust (as in /.rhosts) with no security perimeter.
  In the classic way of doing it, you do a "echo X.X.X.X > /.rhosts"
as an rsh command in blind IP spoofing and then your host (X.X.X.X) is
now trusted and you are free to rlogin, etc. (assuming there
is no security perimeter).

  In a prudent setup with both cryptographically strong initial
TCP sequence numbers (you don't need OpenBSD here, but it helps), and
a good security perimeter, you should be immune from the "classic" attack.

  So, the original poster's boss may be correct, if he is referring to
blind spoofing and he has a strong OS with prudent perimeter security.

  - Randy

Sorry, but your boss is wrong.  Get web ferret (it's free) and search for
IP spoofing.  Why would they call it IP spoofing if you couldn't spoof an
IP address?  You typically have to do it blindly (thus the expression
"blind spoofing"), IOW, you spoof a host, but do not get the response, you
guess or assume the response and proceed accordingly.  Also look up
session hi-jacking.


Carric Dooley CNE
COM2:Interactive Media
http://www.com2usa.com

"In theory, there is no difference between theory
and practice. But, in practice, there is. "
                      - Jan L.A. van de Snepscheut

On Fri, 17 Sep 1999, Christopher C. Petro wrote:

Ok, this is probably not the kind of request that most of you will
want to answer, but I just got in an argument with my boss about IP
spoofing. He claims it is not possible to spoof an IP number, whilst
I am almost certain it is.

Could anyone provide me with a link or pointer to information that I
could use to prove him wrong, or to information that proves me wrong?

Thanks.
--
We have only come here seeking knowledge
Things they would not teach us of in college.--The Police

http://www.atypon.com                              petro () atypon com
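
Added example, not part of the original messages: a sketch of the first defence named in the thread, cryptographically strong initial TCP sequence numbers, beside a fixed-step scheme, with a check a defender can run over ISNs sampled from a host. The RFC 6528 formula is real; the step value, addresses, secret and the HMAC-SHA256 choice for F are assumptions of this example.

```python
import hashlib
import hmac
import socket
import struct

MASK = 0xFFFFFFFF
LEGACY_STEP = 64000  # constructed sample value for the fixed per-connection step


def legacy_isn(conn_index, base=1000):
    """Predictable scheme: one global counter, fixed step per new connection."""
    return (base + conn_index * LEGACY_STEP) & MASK


def rfc6528_isn(secret, clock_us, laddr, lport, raddr, rport):
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey).

    M is the 4-microsecond timer; F here is HMAC-SHA256 truncated to 32 bits
    (an assumption of this example, RFC 6528 only requires a PRF).
    """
    four_tuple = (socket.inet_aton(laddr) + struct.pack("!H", lport)
                  + socket.inet_aton(raddr) + struct.pack("!H", rport))
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    offset = struct.unpack("!I", digest[:4])[0]
    return (clock_us // 4 + offset) & MASK


def deltas(isns):
    """Successive ISN differences modulo 2**32, as a remote observer sees them."""
    return [(b - a) & MASK for a, b in zip(isns, isns[1:])]


def looks_predictable(isns):
    """True when every delta is identical, so the next ISN can be extrapolated."""
    return len(set(deltas(isns))) == 1


def sample(server="192.0.2.10", client="198.51.100.7", n=8):
    """Constructed probe: n connections from one client, new source port each time."""
    secret = b"constructed-demo-secret"  # a real stack uses a random boot-time key
    legacy = [legacy_isn(i) for i in range(n)]
    strong = [rfc6528_isn(secret, 1000 * i, server, 514, client, 1024 + i)
              for i in range(n)]
    return legacy, strong


if __name__ == "__main__":
    legacy, strong = sample()
    print("legacy predictable:", looks_predictable(legacy))
    print("rfc6528 predictable:", looks_predictable(strong))
```

Because the keyed offset depends on the full 4-tuple, ISNs a host collects on its own connections say nothing about the ISN issued to a different, trusted address, while the same 4-tuple still sees monotonically increasing values from the timer.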
