Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Spoofing... How does it work.
From: GUINET Thierry <thierry @ namsa . nato . int>
Date: Tue, 05 Nov 1996 08:16:32 +0100
To: Rodrigo Ormonde <ormonde @ trem . cnt . org . br>
Cc: Firewalls @ GreatCircle . com
References: <9611041752 . AA10474 @ trem . cnt . org . br>

Rodrigo Ormonde wrote:
 
>   Not only this. The attacker must discover what initial sequence number the
> attacked host has chosen to establish the connection. Since this number has
> 2^32 possible values it's nearly impossible to guess it.
 
I beg your pardon, but although the *possibilities* are in a range of 2^32,
by measuring the round-trip time and sniffing the packets coming from your
"victim" you should be able to guess the sequence number in a *reasonable*
amount of time.
(And yes, I know this is an oversimplified explanation :)

Thierry

-- 
Thierry Guinet 
Systems & Network programmer, Namsa Luxembourg
T . Guinet @ namsa . nato . int
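
Added example (not part of the original message or thread): a simplified model of the disagreement above, comparing an initial sequence number read from a global 4-microsecond clock (as RFC 793 suggests) with the RFC 6528 construction that adds a keyed hash of the connection 4-tuple. The addresses, ports, timings, secret, and the use of HMAC-SHA256 for the RFC's function F are assumptions constructed for illustration.

```python
import hashlib
import hmac
import statistics

MOD = 2**32
SECRET = b"constructed-demo-secret"  # constructed; a real stack uses a random boot-time key

def clock_isn(now_us, four_tuple):
    """RFC 793 style: ISN read from a global clock ticking every 4 microseconds."""
    return (now_us // 4) % MOD

def rfc6528_isn(now_us, four_tuple):
    """RFC 6528 style: the same clock plus a keyed hash of the connection 4-tuple.
    HMAC-SHA256 stands in for the RFC's function F (an assumption of this sketch)."""
    f = hmac.new(SECRET, repr(four_tuple).encode(), hashlib.sha256).digest()
    return (now_us // 4 + int.from_bytes(f[:4], "big")) % MOD

def extrapolation_error(isn_fn, own_tuple, other_tuple, t0_us, true_gap_us, est_gap_us):
    """Distance between the ISN actually issued for other_tuple and a value
    extrapolated from one ISN seen on own_tuple plus an estimated time gap."""
    seen = isn_fn(t0_us, own_tuple)
    extrapolated = (seen + est_gap_us // 4) % MOD
    actual = isn_fn(t0_us + true_gap_us, other_tuple)
    diff = (actual - extrapolated) % MOD
    return min(diff, MOD - diff)

def median_error(isn_fn, ports=range(40000, 40200)):
    """Median extrapolation error across 200 constructed client ports.
    The gap is 30 ms, estimated as 28 ms (2 ms of timing error)."""
    own = ("192.0.2.10", 1025, "198.51.100.5", 8080)
    return statistics.median(
        extrapolation_error(isn_fn, own, ("192.0.2.77", p, "198.51.100.5", 8080),
                            1_000_000_000, 30_000, 28_000)
        for p in ports)

if __name__ == "__main__":
    print("clock-only ISN median error:", median_error(clock_isn))
    print("RFC 6528 ISN median error:  ", median_error(rfc6528_isn))
```

With the clock-only generator the uncertainty is bounded by the timing error, not by 2^32; with the keyed per-connection offset, an ISN seen on one 4-tuple says nothing useful about another.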

