[712] in bugtraq
Re: address spoof/no return packets
daemon@ATHENA.MIT.EDU (Christopher Klaus)
Mon Jan 23 22:09:01 1995
From: Christopher Klaus <cklaus@shadow.net>
To: jon@nytimes.com (Jon E. Price)
Date: Mon, 23 Jan 1995 21:00:13 -0500 (EST)
Cc: firewalls@GreatCircle.COM, gordy@nytimes.com, bugtraq@fc.net
In-Reply-To: <9501232328.AA23747@mailgate.nytimes.com> from "Jon E. Price" at Jan 23, 95 06:28:32 pm
>
>
> CERT Advisory CA-95:01 states:
> "It is important to note that the described attack is possible even if no
> reply packets can reach the attacker."
>
> How can this be?
If you simulate a connection from a trusted host and trusted account to
something like the rsh port with the following command:

    echo "+ +" > .rhosts

The attacker doesn't need to see the reply packets, but now he/she is
able to rlogin/rsh in from anywhere.
--
Christopher William Klaus Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc. Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
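
An added example, not part of the original message: a Python check a defender could run over .rhosts contents to flag the wildcard "+ +" entry described above, along with the other "+" forms. The function name, the sample hosts and users, and the treatment of "#" lines as comments are assumptions made for illustration.

```python
# Added example: flag wildcard trust entries in .rhosts-style content.
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    line_no: int
    text: str
    reason: str


def audit_rhosts(content: str) -> List[Finding]:
    """Return one Finding per line whose host or user field is a bare '+'."""
    findings = []
    for line_no, raw in enumerate(content.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines and '#' lines carry no trust entry.
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+" and user == "+":
            reason = "any user from any host is trusted"
        elif host == "+":
            who = user if user else "the same-named user"
            reason = "%s is trusted from any host" % who
        elif user == "+":
            reason = "any user on %s is trusted" % host
        else:
            continue  # explicit host/user pair, or a netgroup such as +@name
        findings.append(Finding(line_no, " ".join(fields), reason))
    return findings


# Constructed sample input; the hosts and users are placeholders.
SAMPLE = (
    "# constructed sample\n"
    "trusted.example.com alice\n"
    "+ +\n"
    "build.example.com +\n"
    "+\n"
)

if __name__ == "__main__":
    for f in audit_rhosts(SAMPLE):
        print("line %d: %r -> %s" % (f.line_no, f.text, f.reason))
```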