Vulnerability Development mailing list archives
Re: forged packets?
From: ctor () KRIXOR XY ORG (ctor)
Date: Mon, 25 Oct 1999 19:41:06 +0200
On Mon, 25 Oct 1999, Kelvin Fu wrote:
IMPACT Any local user can send any packet to any host from most Linux
AFAIK, a local user ( root?) on a linux system if running nmap is able to perform decoy scans with the -D option. This option enables a user to 'spoof' his/her IP address to that of another host which will result in the spoofed Ip to appear to be scanning the victim. If Im not wrong, doesnt this ability to be able to spoof IP addresses coincide with the 'user-rawip-attack' vulnerabilty addressed by Marc?
for nmap -D, the local user should be root or someone with priviledgies enough to open a raw socket.. his advisory says 'Any local user'.. However, the advisory is just mentioning sending packets out.. I can't see how this possibly can affect TCP-services relying on IP-adress authentication unless it's also possible to peek at incoming packets..?? ~~~<*>~~~ Web: http://elemental.webservices.se/ ICQ: 3534707 PGP: `finger ctor () sangis kalix net` IRCnet: ctor ~~~<*>~~~
Current thread:
- forged packets? Kelvin Fu (Oct 25)
- Re: forged packets? CyberPsychotic (Oct 24)
- Re: forged packets? Ryan Permeh (Oct 25)
- Re: forged packets? Ron DuFresne (Oct 26)
- Re: forged packets? ctor (Oct 25)
- ICQ 2000 Elias Levy (Oct 25)
- Re: ICQ 2000 Blue Boar (Oct 25)
- Re: ICQ 2000 Sean Burford (Oct 25)
- Re: ICQ 2000 Brad Griffin (Oct 26)
- Re: ICQ 2000 Blue Boar (Oct 25)
- icq2000 Brad Griffin (Oct 26)
- Re: ICQ 2000 Damm, Mike (Oct 26)
- Re: ICQ 2000 Brad Griffin (Oct 26)
- FreeBSD listen() 3APA3A (Oct 27)
- Re: FreeBSD listen() CyberPsychotic (Oct 27)
- Re: FreeBSD listen() 3APA3A (Oct 29)