[761] in bugtraq
Re: address spoof/no return packets
daemon@ATHENA.MIT.EDU (Aleph One)
Wed Jan 25 07:19:20 1995
Date: Tue, 24 Jan 1995 19:01:26 -0600 (CST)
From: Aleph One <aleph1@dfw.net>
To: Christopher Klaus <cklaus@shadow.net>
Cc: "Jon E. Price" <jon@nytimes.com>, firewalls@greatcircle.com,
gordy@nytimes.com, bugtraq@fc.net
In-Reply-To: <199501240200.VAA07906@shadow.net>
On Mon, 23 Jan 1995, Christopher Klaus wrote:
>
> If you simulate a connection from trusted host and trusted account to
> something like the rsh port with the following command:
>
> echo "+ +" > .rhosts
>
> The attacker doesn't need to see the reply packets, but now he/she is
> able to rlogin/rsh in from anywhere.
>
This is assuming that you can reach the r-commands daemons to begin with.
If the firewall filters those then you can still only have a one way
connection to the machine.
a1
http://underground.org
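
An added example, not part of the original thread: a defender-side audit that flags wildcard trust entries such as the `+ +` line quoted above in the text of a `.rhosts` or `hosts.equiv` file. The function name, the sample hostnames and the treatment of lines starting with `#` as comments are assumptions made for illustration.

```python
# Added example: audit .rhosts / hosts.equiv content for wildcard trust.
# Entry layout is "host [user]"; a "+" in either field matches anything.

def audit_rhosts(text):
    """Return (line_number, entry, reason) for each wildcard trust entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines and lines starting with "#" carry no entry.
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+" and user == "+":
            reason = "any user from any host"
        elif host == "+":
            reason = "any host trusted"
        elif user == "+":
            reason = "any user on %s trusted" % host
        else:
            # Specific host/user pairs and "-" denials are not wildcards.
            continue
        findings.append((lineno, line, reason))
    return findings


# Constructed sample input (hostnames and users are made up).
SAMPLE = """\
# constructed sample
trusted.example.com alice
+ +
build.example.com +
+
-badhost.example.com
"""

if __name__ == "__main__":
    for lineno, entry, reason in audit_rhosts(SAMPLE):
        print("line %d: %r: %s" % (lineno, entry, reason))
```
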