Penetration Testing mailing list archives
[Fwd: Re: Real connection spoofing (Firewall Tester)]
From: Burak DAYIOGLU <dayioglu () metu edu tr>
Date: Thu, 27 Sep 2001 08:53:08 +0300
Andrea Barisani wrote:
> Client (ftest.pl) ---> Firewall ---> Sniffer (ftestd.pl)
>
> 1 - The client (ftest.pl) sends a SYN packet with a custom payload
> (Question: is inserting data in a SYN packet legal?)
Data is allowed. If the receiving party supports T/TCP, it may save the data to be used after the 3-way handshake. If the receiving party does not support T/TCP, the data will simply be discarded without any notification to the sender.
> The problem is that between step 2 and step 3 the spoofed address will send a valid RST back to the sniffer, the firewall will see it and we can't proceed.
I didn't understand this point. If the spoofed source address for the connection is on the sniffer side of the connection, you shouldn't expect a reply back unless the firewall is in bridging mode.

cheers.
--
Burak DAYIOGLU
Phone: +90 312 2103379 Fax: +90 312 2103333
http://www.dayioglu.net
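The point about data in a SYN, as an added example that is not part of the original message and not code from ftest.pl or ftestd.pl: a check a sniffer or IDS sensor can run on a raw IPv4 packet to recover whatever an initial SYN carries, since a receiver without T/TCP discards it silently. The function names, addresses, ports and marker payload are constructed for illustration; checksums are not verified.

```python
import struct

SYN, ACK = 0x02, 0x10

def syn_payload(packet: bytes):
    """Return the data carried by an initial SYN (SYN set, ACK clear) in a raw
    IPv4 packet: b"" for an ordinary SYN, the bytes for a SYN with data, and
    None if the packet is not an initial SYN or is malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", packet[2:4])
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 6 or frag_off != 0:
        return None                      # bad header, not TCP, or a later fragment
    if total_len > len(packet) or total_len < ihl + 20:
        return None                      # truncated capture or no room for TCP
    tcp = packet[ihl:total_len]          # total_len strips any link-layer padding
    data_off = (tcp[12] >> 4) * 4        # TCP header length, options included
    flags = tcp[13]
    if data_off < 20 or data_off > len(tcp):
        return None
    if not flags & SYN or flags & ACK:
        return None                      # only the first segment of the handshake
    return tcp[data_off:]

def build(flags, payload=b"", options=b""):
    """Constructed sample packet for the demo (checksums left at zero)."""
    off = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, off << 4, flags, 8192, 0, 0)
    tcp += options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + tcp

MSS_OPT = b"\x02\x04\x05\xb4"            # MSS option, 1460 bytes

if __name__ == "__main__":
    for name, pkt in [("SYN with data", build(SYN, b"ftest-marker", MSS_OPT)),
                      ("plain SYN", build(SYN, options=MSS_OPT)),
                      ("SYN/ACK", build(SYN | ACK)),
                      ("data segment", build(ACK, b"GET /"))]:
        print(f"{name:14} -> {syn_payload(pkt)!r}")
```

A non-empty return value is the case discussed in the thread: a SYN whose data the endpoint may drop without telling the sender, but which a sensor on the path can still log.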