Re: the next generation of nuke.c

Dorian Deane (dorian@oxygen.house.gov)
Fri, 27 Jan 1995 11:02:02 -0500 (EST)

> 
> Well, RST is more definitive than FIN, somehow...
> 
> That said, the attack you cite is harder to carry out than you think.
> It's easy to guess the next starting sequence number for a connection;
> it's much harder to know what the sequence number status is of an existing
> connection unless you're sniffing the wire.  You'd also have to know
> what the client's port number was; again, without sniffing the wire, that's
> hard to come by, unless one of the two sites has an overly-cooperative
> SNMP server.
> 

I'm sure I'm confused, but...

It seems logical that RST sequence numbers should be ignored.  RSTs are
usually sent to abort a hosed connection, one in which it is likely the
sequence numbers are already out of whack.

???

dorian
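
For reference alongside this exchange, an added example (not part of the original thread and not code from nuke.c) of the receiver-side check RFC 793 specifies for RST segments on a synchronized connection, with the stricter check from the later RFC 5961 beside it. The function names and the sample receiver state are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum rst_action { RST_DROP, RST_CHALLENGE_ACK, RST_RESET };

/* RFC 793 acceptability test for a zero-length segment such as a bare RST:
 * RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, evaluated modulo 2^32.
 * With a zero receive window only SEG.SEQ == RCV.NXT is acceptable. */
int rst_in_window(uint32_t rcv_nxt, uint32_t rcv_wnd, uint32_t seg_seq)
{
    if (rcv_wnd == 0)
        return seg_seq == rcv_nxt;
    /* Unsigned subtraction wraps, so this holds across 0xFFFFFFFF -> 0. */
    return (uint32_t)(seg_seq - rcv_nxt) < rcv_wnd;
}

/* RFC 793, synchronized states: any in-window RST aborts the connection,
 * anything outside the window is discarded. */
enum rst_action rst_rfc793(uint32_t rcv_nxt, uint32_t rcv_wnd, uint32_t seg_seq)
{
    return rst_in_window(rcv_nxt, rcv_wnd, seg_seq) ? RST_RESET : RST_DROP;
}

/* RFC 5961: only an exact match on RCV.NXT resets; an in-window but inexact
 * RST is answered with a challenge ACK and the connection stays up. */
enum rst_action rst_rfc5961(uint32_t rcv_nxt, uint32_t rcv_wnd, uint32_t seg_seq)
{
    if (!rst_in_window(rcv_nxt, rcv_wnd, seg_seq))
        return RST_DROP;
    return seg_seq == rcv_nxt ? RST_RESET : RST_CHALLENGE_ACK;
}

int main(void)
{
    /* Constructed receiver state placed just below sequence wraparound. */
    const uint32_t rcv_nxt = 0xFFFFF000u, rcv_wnd = 8192;
    const uint32_t probes[] = { 0xFFFFF000u, 0x00000100u, 0x00001000u, 0xFFFFEFFFu };
    static const char *name[] = { "drop", "challenge-ack", "reset" };

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("SEG.SEQ=%08lx  rfc793=%-13s rfc5961=%s\n",
               (unsigned long)probes[i],
               name[rst_rfc793(rcv_nxt, rcv_wnd, probes[i])],
               name[rst_rfc5961(rcv_nxt, rcv_wnd, probes[i])]);
    return 0;
}
```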