Full Disclosure mailing list archives
Re: TCP Hijacking (aka Man-in-the-Middle)
From: Valdis.Kletnieks () vt edu
Date: Fri, 26 Oct 2007 04:58:36 -0400
On Fri, 26 Oct 2007 12:41:37 +0400, 3APA3A said:
So, generally, 1. there is no reason to spoof both connections. 2. it's
Thank you, Captain Obvious - I specifically *said* that only one of them needs to be blind spoofing.
only possible if sequence number is 100% (or close to 100%) predictable.
And Michael Zalewski's work showed that even on many boxes that *claim* to have RFC1948 randomization, you can do pretty well on the predicting.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- TCP Hijacking (aka Man-in-the-Middle) Oliver (Oct 25)
- Re: TCP Hijacking (aka Man-in-the-Middle) reepex (Oct 25)
- Re: TCP Hijacking (aka Man-in-the-Middle) Oliver (Oct 25)
- Re: TCP Hijacking (aka Man-in-the-Middle) Valdis . Kletnieks (Oct 25)
- Re: TCP Hijacking (aka Man-in-the-Middle) 3APA3A (Oct 25)
- Re: TCP Hijacking (aka Man-in-the-Middle) Valdis . Kletnieks (Oct 25)
- Re: TCP Hijacking (aka Man-in-the-Middle) 3APA3A (Oct 26)
- Re: TCP Hijacking (aka Man-in-the-Middle) Valdis . Kletnieks (Oct 26)
- Re: TCP Hijacking (aka Man-in-the-Middle) 3APA3A (Oct 26)
- Re: TCP Hijacking (aka Man-in-the-Middle) Valdis . Kletnieks (Oct 26)
- Re: TCP Hijacking (aka Man-in-the-Middle) don bailey (Oct 26)
- Re: TCP Hijacking (aka Man-in-the-Middle) reepex (Oct 26)
- Re: TCP Hijacking (aka Man-in-the-Middle) 3APA3A (Oct 25)
- Re: TCP Hijacking (aka Man-in-the-Middle) reepex (Oct 25)
- Re: TCP Hijacking (aka Man-in-the-Middle) Oliver (Oct 29)