Vulnerability Development mailing list archives

Re: forged packets?


From: ctor () KRIXOR XY ORG (ctor)
Date: Mon, 25 Oct 1999 19:41:06 +0200


On Mon, 25 Oct 1999, Kelvin Fu wrote:

IMPACT
   Any local user can send any packet to any host from most Linux

AFAIK, a local user (root?) on a Linux system if running nmap is able
to perform decoy scans with the -D option. This option enables a user to
'spoof' his/her IP address to that of another host which will result in
the spoofed IP to appear to be scanning the victim. If I'm not wrong,
doesn't this ability to be able to spoof IP addresses coincide with the
'user-rawip-attack' vulnerability addressed by Marc?

For nmap -D, the local user should be root or someone with privileges
enough to open a raw socket.. his advisory says 'Any local user'..

However, the advisory is just mentioning sending packets out.. I can't see how
this possibly can affect TCP-services relying on IP-address authentication
unless it's also possible to peek at incoming packets..??

~~~<*>~~~

Web: http://elemental.webservices.se/              ICQ: 3534707
PGP: `finger ctor () sangis kalix net`          IRCnet: ctor

~~~<*>~~~

