Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Exploiting sequence number predictability

From: Iván Arce <core.lists.pentest () CORE-SDI COM>
Date: Tue, 22 Aug 2000 22:27:10 -0300
"Todd, George" wrote:


My two cents on blind tcp spoofing:

        There are several factors that lead to the impracticality of blind
tcp spoofing now days.  The first, and by far the most difficult, is that
most operatings systems pull entries from the entropy pool for the ISN.
Thus making it all but impossible to predict with any certainty the next
ISN.  A possible work-around to this (aside from targeting weak OS's) is to


There is no need to _predict_ the ISN for doing TCP spoofing, at least
not
under certain conditions...

See http://www.nai.com/nai_labs/asp_set/advisory/07_tcpspoofing_adv.asp

-ivan

--
"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 It's nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce


==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email: iarce () core-sdi com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

--- For a personal reply use iarce () core-sdi com
Previous By Date Next
Previous By Thread Next

Current thread: