Re: IP spoofing vs tcp wrappers and netacl

Darren Reed (avalon@coombs.anu.edu.au)
Wed, 25 Jan 1995 10:23:52 +1100 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Evans: "Re: Hijacking tool"
Previous message: Jim Duncan: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
In reply to: Perry E. Metzger: "Re: IP spoofing vs tcp wrappers and netacl"
Next in thread: Pete Shipley: "Re: IP spoofing vs tcp wrappers and netacl"

> 
> 
> Christopher Klaus says:
> > Probably the best way to prevent IP spoofing attacks is to turn off all
> > ip-based authenication services, ie rsh, rlogin are the main ones.
> 
> Insufficient. If you can see at least part of the packet stream, you
> can session-steal. This makes a mockery of things like S/Key.
> 
> Perry

Umm, to session steal (rather than hijack a connection as it is formed),
I believe you need to `guess' ACK numbers for both directions of the TCP
connection...ie if you can already see the packets whizzing by, then you
are in a good position to steal a session...

darren

Next message: John Evans: "Re: Hijacking tool"
Previous message: Jim Duncan: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
In reply to: Perry E. Metzger: "Re: IP spoofing vs tcp wrappers and netacl"
Next in thread: Pete Shipley: "Re: IP spoofing vs tcp wrappers and netacl"