[824] in bugtraq


Re: the next generation of nuke.c

daemon@ATHENA.MIT.EDU (Timothy Newsham)
Fri Jan 27 22:12:02 1995

From: newsham@aloha.net (Timothy Newsham)
To: smb@research.att.com
Date: Fri, 27 Jan 1995 16:12:38 -1000 (HST)
Cc: iceman@MBnet.MB.CA, bugtraq@fc.net
In-Reply-To: <199501262053.OAA00835@freeside.fc.net> from "smb@research.att.com" at Jan 26, 95 03:30:13 pm

> That said, the attack you cite is harder to carry out than you think.
> It's easy to guess the next starting sequence number for a connection;
> it's much harder to know what the sequence number status is of an existing
> connection unless you're sniffing the wire.  You'd also have to know
> what the client's port number was; again, without sniffing the wire, that's
> hard to come by, unless one of the two sites has an overly-cooperative
> SNMP server.

Also worth pointing out that if you have the source and dest address
and port number, you can send out a proper ICMP unreachable packet
(as opposed to the obviously fake ones nuke sends out).

                                   Tim N.
