Great Circle Associates Firewalls
(December 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: FW-1 does not prevent session hijacking? Please support claim.
From: Brain21 <brain21 @ montag33 . residence . gatech . edu>
Date: Thu, 28 Dec 1995 01:04:00 -0500 (EST)
To: Frank Willoughby <frankw @ in . net>
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9512222318 . AA11894 @ su1 . in . net> 
> 
> FWIW, I've been trying to figure out how they could prevent session 
> hijacking without encryption on the Internet and haven't come up with 
> a solution yet.  While it is an interesting mental exercise, I admit 
> that I'm intrigued and very curious how they do it (assuming the claim 
> is accurate).
> 
This makes me curious too.  Since the ways to stop IP Spoofing are 
encryption, TCPWrappers (or something simialr), and random sequence numbers.

We've ruled out encryption for this example.  TCPWrappers, well the info 
*IS* coming over the same physical wire, so...

Since it is an active sniffing attack randomizing the sequence numbers 
would not really do a damn thing.

This is tough, since we can really predict bit for bit what the headers 
of the ACK packet that we need to send are...

Brain21
Follow-Ups:
References:
Indexed By Date Previous: Re: Holes in SunOS sendmail -Reading Root Mail
From: Doug Hughes <Doug . Hughes @ Eng . Auburn . EDU>
Next: Re: Re[2]: Connection oriented UDP
From: ckchan @ telif . com . sg
Indexed By Thread Previous: Re: FW-1 does not prevent session hijacking? Please support claim.
From: Adam Horwitz <adam @ tripcom . com>
Next: Re: FW-1 does not prevent session hijacking? Please support claim.
From: Darren Reed <avalon @ coombs . anu . edu . au>
Google
 
Search Internet Search www.greatcircle.com