Vulnerability Development mailing list archives
Re: TCP/IP ISN Prediction Susceptibility
From: Holger van Koll <holger () VANKOLL DE>
Date: Tue, 13 Mar 2001 21:29:18 +0100
"Solar, Eclipse" wrote:
Quoted from http://www.guardent.net/pr2001-03-12-ips.html
... I´d like to quote something else: "For example, utilizing a common Internet or corporate network connection, an attacker exploiting this weakness could perform operations such as: Session hijacking, where a user's connection to a computer system is taken over by an attacker, who then can operate under the authorized user's identity in applications to which that user has access (such as financial applications, Internet infrastructure management, etc.) " Could somebody explain how session hijacking is related to ISN-guessing? "session" means it is already established. ISN are done. If I am able to sniff the session, I dont need ISN-guessing. I can insert pakets based on the sniffed SN. If I can´t (and therefor ISN-guessing would be helpful) it is IMHO of no use for already established sessions. Can somebody shed some light on this? Regards, Holger
Current thread:
- TCP/IP ISN Prediction Susceptibility Solar, Eclipse (Mar 12)
- Re: TCP/IP ISN Prediction Susceptibility Crist Clark (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Solar, Eclipse (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Holger van Koll (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Elias Levy (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Olaf Kirch (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Lincoln Yeoh (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Elias Levy (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Crist Clark (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Mike Sues (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Dom De Vitto (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Vitaly Osipov (Mar 13)
- Re: TCP/IP ISN Prediction Susceptibility Lincoln Yeoh (Mar 14)
- Re: TCP/IP ISN Prediction Susceptibility Mike Fedyk (Mar 14)
- <Possible follow-ups>
- Re: TCP/IP ISN Prediction Susceptibility Eric D. Williams (Mar 13)