[720] in bugtraq
Re: Hijacking tool
daemon@ATHENA.MIT.EDU (Alec Muffett)
Tue Jan 24 11:18:01 1995
From: Alec.Muffett@UK.Sun.COM (Alec Muffett)
To: bugtraq@fc.net
Date: Tue, 24 Jan 1995 14:27:29 +0000 (GMT)
In-Reply-To: <199501241345.AA15934@mail.fwi.uva.nl> from "Casper Dik" at Jan 24, 95 02:45:39 pm
>
>If you're hijacking *connections* isn't it much easier to just steal
>the filehandles in the kernel?
Not if you're on entirely another host.
That's the point of RTM-Snr's attack, as expanded upon by
Bellovin. Guessing sequence numbers and flooding the remote machine
gives you a window of opportunity to slip in a forged packet with the
right sequence number, and usurp the connection entirely from that
point onwards.
- but you know this, of course. 8-)
- alec
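
An added example, not part of the original message: the attack described above depends on the remote host's initial sequence numbers being guessable, and a defender can measure that from ISNs sampled off their own host's SYN-ACKs. The sample values, the function names and the 2**20 threshold are all assumptions constructed for this illustration.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between successive observed ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def guess_window(isns):
    """Spread of the deltas: roughly how many candidate values a remote
    sender would need to cover to hit the next ISN."""
    deltas = isn_deltas(isns)
    return max(deltas) - min(deltas) + 1


def assess(isns, threshold=2 ** 20):
    """Flag the ISN generator as predictable when the next value falls in a
    small window. The threshold is an assumption, not a standard value."""
    if len(isns) < 3:
        raise ValueError("need at least three ISN samples")
    window = guess_window(isns)
    return {"window": window, "predictable": window <= threshold}


def constructed_counter_isns(start=0xFFFF0000,
                             steps=(64000, 128000, 64000, 192000)):
    """Constructed sample: a counter-style generator that advances by a
    multiple of a fixed step per connection and wraps past 2**32."""
    isns = [start]
    for step in steps:
        isns.append((isns[-1] + step) % MOD)
    return isns


# Constructed sample: values with no usable relationship between them,
# as a randomised generator would produce.
CONSTRUCTED_RANDOM_ISNS = [0x3A1F9C42, 0xC07E11D5, 0x1B22F0A9,
                           0x8E5D7733, 0x5409AB1E]

if __name__ == "__main__":
    print("counter-style:", assess(constructed_counter_isns()))
    print("randomised:   ", assess(CONSTRUCTED_RANDOM_ISNS))
```

A small window means the next ISN can be covered with few guesses, which is the condition the forged-packet step relies on; a window near 2**32 means it cannot.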