Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Spoofing... How does it work.
From: cima @ via-net . com . br (Fernando Cima)
Organization: Via Internet Informatica
Date: Mon, 04 Nov 1996 16:19:57 -0200
To: Rodrigo Ormonde <ormonde @ trem . cnt . org . br>
Cc: firewalls @ greatcircle . com
References: <9611041752 . AA10474 @ trem . cnt . org . br>
Reply-to: cima @ via-net . com . br

Dear Ormonde,

Rodrigo Ormonde wrote:
>   Not only this. The attacker must discover what initial sequence number the
> attacked host has chosen to establish the connection. Since this number has 2^32
> possible values it's nearly impossible to guess it. This is what makes this
> kind of attack very difficult to be successful.
>   In some early implementations of TCP/IP for *nix (and for some X Terminals)
> the initial sequence number wasn't a random number, but simply a number that
> was incremented by 1 on every connection. In this case it's trivial to guess
> what the next number will be. 

A nice description of this attack is in "SECURITY PROBLEMS IN THE TCP/IP
PROTOCOL SUITE", by S.M. Bellovin.

http://www.raptor.com/library/ipext.ps.Z

Cheers,

- Fernando Cima
  Via Internet Informatica
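
Added example, not part of the original message or of Bellovin's paper: a Python audit check that takes initial sequence numbers sampled from a host's own test connections and flags the fixed-increment behaviour described in the quoted text. The function names, the 0.9 threshold, the 192.0.2.x addresses and the secret are assumptions constructed for illustration; the keyed generator follows the general RFC 6528 approach (clock plus keyed hash of the connection 4-tuple) with SHA-256 swapped in as the hash.

```python
import hashlib
import struct
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def counter_isns(start, count, step=1):
    """Weak generator from the quoted text: ISN grows by a fixed step per connection."""
    return [(start + i * step) % MOD for i in range(count)]


def keyed_isns(secret, count, clock_start=0):
    """RFC 6528-style generator (assumption: SHA-256 as the keyed hash).

    Each sample uses a different client port, as separate test connections would.
    """
    isns = []
    for i in range(count):
        four_tuple = struct.pack("!4sH4sH", bytes([192, 0, 2, 10]), 40000 + i,
                                 bytes([192, 0, 2, 1]), 80)
        digest = hashlib.sha256(secret + four_tuple).digest()
        offset = struct.unpack("!I", digest[:4])[0]
        # Constructed clock: 250 ticks (1 ms at 4 microseconds per tick) per sample.
        isns.append((clock_start + i * 250 + offset) % MOD)
    return isns


def assess_isns(isns, threshold=0.9):
    """Classify sampled ISNs by how concentrated the consecutive deltas are."""
    if len(isns) < 3:
        raise ValueError("need at least 3 samples")
    # Modular subtraction keeps the delta correct across 32-bit wrap-around.
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    dominant_delta, hits = Counter(deltas).most_common(1)[0]
    ratio = hits / len(deltas)
    verdict = "predictable" if ratio >= threshold else "not trivially predictable"
    return {"verdict": verdict, "dominant_delta": dominant_delta, "ratio": ratio}


if __name__ == "__main__":
    # Constructed samples: a counter that wraps past 2^32, and a keyed generator.
    print(assess_isns(counter_isns(0xFFFFFFF0, 32)))
    print(assess_isns(keyed_isns(b"constructed-secret", 32)))
```

A "not trivially predictable" verdict only rules out the fixed-increment case; it is not a measure of the generator's overall strength.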

