Vulnerability Development mailing list archives
Re: hijacking TCP connections on FreeBSD
From: Ron DuFresne <dufresne () winternet com>
Date: Wed, 10 Jul 2002 15:19:22 -0500 (CDT)
On Tue, 9 Jul 2002, jmiller wrote:
a man in the middle is not neccessary, you sniff the packets, spoof your ip and or mac, then dos the other box you are spoofing. there is a *nix tool that will do an arp flood, turning all switches into a hub, so you do not need to be on the same subnet either. search for it on freshmeat.net Jmiller
This is of course, assuming you are in a position to sniff the traffic at some point. Otherwise man-in-the-middle is the way to go about the task. Thanks, Ron DuFresne
----- Original Message ----- From: "Ryan Permeh" <ryan () eeye com> To: <elan () compiled org>; <vuln-dev () securityfocus com> Sent: Tuesday, July 09, 2002 10:53 AM Subject: RE: hijacking TCP connections on FreeBSDby using a man in the middle attack, you can do this. You simply need tobeon the route between the host and the computer. I believe dsniff doesthis.Also, you may be able to do it non blindly, on the same network segment as the freebsd machine by sniffing and injecting packets, but there is more possibility of interference at that point. A protection against this is to encrypt your traffic so that neither mitm attacks nor injection attacks can adequately interrupt the packet stream. Signed, Ryan Permeh eEye Digital Security Team http://www.eEye.com/Retina -Network Security Scanner http://www.eEye.com/Iris -Network Traffic Analyzer http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities -----Original Message----- From: Elan Hasson [mailto:elan () compiled org] Sent: Monday, July 08, 2002 9:49 PM To: vuln-dev () securityfocus com Subject: hijacking TCP connections on FreeBSD (I'm not sure if this is the correct list for this post) Is it possible to hijack established tcp connections on FreeBSD? if so,how?any programs in existence that do this already? --Elan Hasson http://www.compiled.org -- The programmer's resource.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Current thread:
- hijacking TCP connections on FreeBSD Elan Hasson (Jul 09)
- RE: hijacking TCP connections on FreeBSD Ryan Permeh (Jul 09)
- Re: hijacking TCP connections on FreeBSD jmiller (Jul 10)
- Re: hijacking TCP connections on FreeBSD martin f krafft (Jul 10)
- Re: hijacking TCP connections on FreeBSD Andreas Krennmair (Jul 10)
- Re: hijacking TCP connections on FreeBSD Ron DuFresne (Jul 10)
- Re: hijacking TCP connections on FreeBSD jmiller (Jul 10)
- Re: hijacking TCP connections on FreeBSD tide (Jul 09)
- Re: hijacking TCP connections on FreeBSD Joerg Over (Jul 09)
- Re: hijacking TCP connections on FreeBSD Bojan Zdrnja (Jul 10)
- Re: hijacking TCP connections on FreeBSD ALoR (Jul 09)
- Re: hijacking TCP connections on FreeBSD Craig (Jul 09)
- <Possible follow-ups>
- RE: hijacking TCP connections on FreeBSD Cushing, David (Jul 09)
- Re: hijacking TCP connections on FreeBSD Secterm . (Jul 10)
- RE: hijacking TCP connections on FreeBSD Ryan Permeh (Jul 09)