Firewalls: re: Steve Bellovin's explanation.

Firewalls
(January 1995)

Indexed By Thread: [Previous] [Next]

Subject:	re: Steve Bellovin's explanation.
From:	"Daniel O'Callaghan" <danny @ www . unimelb . edu . au>
Date:	Wed, 25 Jan 1995 19:06:04 +1100 (EST)
To:	"Jon E. Price" <jon @ nytimes . com>
Cc:	firewalls @ GreatCircle . COM, gordy @ nytimes . com
In-reply-to:	<9501242328 . AA09537 @ mailgate . nytimes . com>

On Tue, 24 Jan 1995, Jon E. Price wrote:

> In Steve Bellovin's explanation on how a break-in can occur, he uses a tcp
> sequence number guesser as part of the break-in.
> 
> Why is a tcp sequence number guesser needed for the break-in?
> 
> If a machine B is running rsh and trusts machine A, why can't machine X just
> rsh to machine B spoofing the ip packets with A's  ip address?

This has already been mentioned in the last 12 hours.
B has to receive an acknowledgement of its SSN from A before it believes 
it has a connection.  Thus, A has to send the correct SSN ack to B.

Danny

References:

re: Steve Bellovin's explanation.
From: jon @ nytimes . com (Jon E. Price)

Indexed By Date	Previous:	Re: new CERT advisory From: anthony baxter <anthony . baxter @ aaii . oz . au>
Indexed By Date	Next:	[no subject] From: Olga Aronov <oxa @ bby . com . au>
Indexed By Thread	Previous:	Re: Steve Bellovin's explanation. From: Darren Reed <avalon @ coombs . anu . edu . au>
Indexed By Thread	Next:	re: Steve Bellovin's explanation. From: Brent @ GreatCircle . COM (Brent Chapman)