Re: Blind IP Spoofing Attacks.

Timothy Newsham (newsham@aloha.net)
Wed, 25 Jan 1995 10:04:18 -1000 (HST)

> 
> >They mention that NFS and Sun RPC in general are
> >vulnerable to the sequence number attack.  It is true that
> >NFS and other RPCs do rely on IP address for authentication
> >but I don't see how they are vulnerable to an attack.  You
> >need to see the reply in order to get a filehandle in order
> >to do anything with NFS.
> 
> If you can guess the filehandle, you don't need the reply
> packet.

Why would anyone do this with TCP sequence number guessing, where
the fake connections can only be made for a small fraction of
total attempts, when they can spoof UDP 100% of the time?

> Also, using rsh to do 'echo "+ +" > /.rhosts' would be a hell of
> a lot easier... ;)

This is the only viable attack with sequence numbers I can think
of, and it relies on a hosts.equiv or .rhosts already being
in place.

> --j.