Firewalls: Re: Mitnick & the TCP Sequence Number Attack on Shimomura (LONG posting)

Firewalls
(January 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Mitnick & the TCP Sequence Number Attack on Shimomura (LONG posting)
From:	Ron DuFresne <dufresne @ winternet . com>
Date:	Thu, 11 Jan 1996 11:50:54 -0600 (CST)
To:	Brain21 <brain21 @ montag33 . residence . gatech . edu>
Cc:	Doug Hughes <Doug . Hughes @ Eng . Auburn . EDU>, firewalls @ GreatCircle . COM
In-reply-to:	<Pine . LNX . 3 . 91 . 960110223323 . 18440F-100000 @ montag33 . residence . gatech . edu>
Posted-date:	Thu, 11 Jan 1996 11:50:56 -0600

On Wed, 10 Jan 1996, Brain21 wrote:

> On Wed, 10 Jan 1996, Doug Hughes wrote:
> 
> > 2) the spoofing attack had not become common knowledge and widespread use
> > until this series of attacks was demonstrated. Papers had been around
> > for years on the potential for this, but, as I recall, until this time, 
> > there weren't any hacker tools that were widely known about for exploiting.
> 
> I agree, but the possibility is always there.  If you are in the security 
> business, then it pays to protect against everything possible, and not to 
> underestimate your "adversaries."
> 
> > Remember, (Not that this means anything but), the CERT advisory wasn't
> > published until 1/23 95 and the attacks took place over Xmas of '94.
> >  To the best of my recollection, the sequence number randomizing (which
> > is MUCH harder to implement than the router rules that prevent spoofing)
> > wasn't available until January of '95 either.
> >  Now, CERT is usually slow about announcing such things, but, the patch
> > was relatively simple to implement in a router, so, you'd think that
> > not long after they heard about it, it would be posted. Even the sites
> 
> That doesn't necessarily mean anything.  I've seen advisories come out 
> from cert WELL after other advisories have come out on other mailing 
> lists, with patches and everything.
> 
> 
> I think my point is that Shimomura should not have underestimated Mitnick 
> or anyone, especially since he KNEW that it was possible.  
> Overconfidence?  I don't know.  Maybe Shimomura didn't even set up the 
> security there and trusted it?  I don't know.  I just find it kinda ironic.
> 
> Brain21
> 


Agreed, either we have here an exterme case of over-confidence, 
misconfiguring by others really doing the security, or good old Mitnick 
was 'invited' in a case bordering on entrapment.  Seems very strange in 
either way, seems strange if not an outright blunder.

Later,


Ron Dufresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

References:

Re: Mitnick & the TCP Sequence Number Attack on Shimomura (LONG posting)
From: Brain21 <brain21 @ montag33 . residence . gatech . edu>

Indexed By Date	Previous:	Re: Allow SSL through a firewall? From: David Loysen <dwl @ hnc . com>
Indexed By Date	Next:	XTACACS Help Needed From: Juan Carlos Machado <juank @ ciat . cgiar . org>
Indexed By Thread	Previous:	Re: Mitnick & the TCP Sequence Number Attack on Shimomura (LONG posting) From: Doug Hughes <Doug . Hughes @ Eng . Auburn . EDU>
Indexed By Thread	Next:	Re: Mitnick & the TCP Sequence Number Attack on Shimomura (LONG posting) From: Brain21 <brain21 @ montag33 . residence . gatech . edu>