[1047] in WWW Security List Archive
Re: New York Times article
daemon@ATHENA.MIT.EDU (Nesta Stubbs)
Sun Oct 15 22:03:05 1995
Date: Sun, 15 Oct 1995 17:45:59 -0500 (CDT)
From: Nesta Stubbs <nesta@cynico.com>
To: www-security@ns2.rutgers.edu
In-Reply-To: <9510122014.AA10873@mailserv-D.ftp.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Thu, 12 Oct 1995, Bob Quinn wrote:
> Markoff reveals a serious lack of understanding of Internet protocols.
> His article implies that NFS is used by SMTP, FTP and HTTP. Somehow
> he got it in his head that NFS is a keystone for the entire Internet
> protocol suite.
>
But those protocols are susceptible to a similar attack. The difference
is that your attacker has to consider sequence numbers since those are
TCP protocols, while NFS is a UDP protocol. It is not difficult to get
the sequence number from the server's packet, then put it into your spoof
packet's header. This is what the paper was about; the NFS issue was
only explained because it was a well known hole. Kids have been doing
TCP sequence number spoofing on IRC for a long time, and I'm sure they
have spoofs for other protocols.

Think of it this way. I may not be able to get a sniffer and spoofer on
one of the big routers along the backbone, but it is not difficult at all
to place one on an Internet Service Provider, most of which have security
that's laughable, and then spoof TCP packets so that all the users D/Ling
their secure browsers, or whatever program I want to infect, get
corrupted copies. Then I can just sniff all the cards I want as the
6,000+ users of the local ISP go shopping online. Team up with a bud on
another coast, swap numbers, mix 'em up a bit and we'd make some decent
money.