[750] in bugtraq

Re: IP spoofing vs tcp wrappers and netacl

daemon@ATHENA.MIT.EDU (Darren Reed)
Tue Jan 24 20:29:32 1995

From: Darren Reed <avalon@coombs.anu.edu.au>
To: perry@imsi.com
Date: Wed, 25 Jan 1995 10:23:52 +1100 (EDT)
Cc: bugtraq@fc.net
In-Reply-To: <9501241807.AA13658@snark.imsi.com> from "Perry E. Metzger" at Jan 24, 95 01:07:28 pm

> 
> 
> Christopher Klaus says:
> > Probably the best way to prevent IP spoofing attacks is to turn off all
> > ip-based authentication services, ie rsh, rlogin are the main ones.
> 
> Insufficient. If you can see at least part of the packet stream, you
> can session-steal. This makes a mockery of things like S/Key.
> 
> Perry

Umm, to session steal (rather than hijack a connection as it is formed),
I believe you need to `guess' ACK numbers for both directions of the TCP
connection...ie if you can already see the packets whizzing by, then you
are in a good position to steal a session...

darren
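
An added illustration, not part of the original thread: a simplified model of the checks a TCP endpoint applies to an incoming segment, showing why a sender who cannot see the traffic has to guess values for both directions. The class and function names are hypothetical, and the model assumes the sequence number must fall in the receive window and the ACK in the range SND.UNA..SND.NXT; real stacks differ in how they treat older ACKs.

```python
# Added illustration (hypothetical names): simplified receiver-side checks
# on an established TCP connection, using RFC 793 variable names.
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence space wraps at 2**32


def seq_in_range(low: int, value: int, high: int) -> bool:
    """True if low <= value < high in modulo-2**32 sequence space."""
    return (value - low) % MOD < (high - low) % MOD


@dataclass
class Endpoint:
    snd_una: int  # oldest sequence number sent but not yet acknowledged
    snd_nxt: int  # next sequence number this side will send
    rcv_nxt: int  # next sequence number expected from the peer
    rcv_wnd: int  # receive window this side advertised

    def accepts(self, seg_seq: int, seg_ack: int) -> bool:
        """Assumed model: both directions must check out."""
        # Peer-to-us direction: first byte must fall in our receive window.
        seq_ok = seq_in_range(self.rcv_nxt, seg_seq, self.rcv_nxt + self.rcv_wnd)
        # Us-to-peer direction: ACK must cover only data we actually sent.
        ack_ok = seq_in_range(self.snd_una, seg_ack, self.snd_nxt + 1)
        return seq_ok and ack_ok


def blind_hit_probability(ep: Endpoint) -> float:
    """Chance that one uniformly random (SEQ, ACK) pair passes both checks."""
    seq_fraction = ep.rcv_wnd / MOD
    ack_fraction = ((ep.snd_nxt - ep.snd_una) % MOD + 1) / MOD
    return seq_fraction * ack_fraction


# Constructed state: send-side numbers straddle the 2**32 wrap point.
server = Endpoint(snd_una=4294967000, snd_nxt=200, rcv_nxt=1000, rcv_wnd=8192)

if __name__ == "__main__":
    print("in-window SEQ, valid ACK :", server.accepts(1000, 100))
    print("in-window SEQ, future ACK:", server.accepts(1000, 201))
    print("SEQ past window          :", server.accepts(1000 + 8192, 100))
    print("blind guess probability  :", blind_hit_probability(server))
```
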
