Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Spoofing... How does it work.
From: lists @ lina . inka . de (Bernd Eckenfels)
Date: Tue, 5 Nov 1996 12:13:55 +0100 (MET)
To: firewalls @ greatcircle . com
In-reply-to: <327EE9D0 . B4F @ aows0 . namsa . lu> from "GUINET Thierry" at Nov 5, 96 08:16:32 am

Hi,

> I beg your pardon, but although the *possibilities* are in a range of 2^32,
> by measuring the round-trip time and sniffing the packets coming from your
> "victim" you should be able to guess the sequence number in a *reasonable*
> amount of time.

Umm... how can you guess the ISN by measuring the RTT? And of course you
can't sniff the packet from your victim (you don't need to measure anything if
you can sniff the packet, since the ISN is written in the clear in it).

If you can sniff the packet it was directed to you anyway. It is possible to
sniff the packet if you are on the same LAN or on the upstream link, but
this is usually not the case for attackers. (The local LAN should be secured
and the upstream links trusted, at least as long as you use insecure
authentication which relies on the source IP.)

Greetings
Bernd
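
Added example, not part of the original message: a small parser showing that the sequence number sits unencrypted at a fixed offset in the TCP header, so any on-path observer reads the ISN directly, and that the handshake completes only with an acknowledgement of ISN + 1 (mod 2^32). The function names, ports and ISN value are constructed for illustration.

```python
import struct

# Fixed 20-byte TCP header: sport, dport, seq, ack, data offset byte,
# flags byte, window, checksum, urgent pointer (network byte order).
TCP_HDR = struct.Struct("!HHIIBBHHH")
FLAG_SYN, FLAG_ACK = 0x02, 0x10


def build_segment(sport, dport, seq, ack, flags):
    """Construct a bare TCP header as sample data (checksum left at 0)."""
    data_offset = 5 << 4  # five 32-bit words, no options
    return TCP_HDR.pack(sport, dport, seq, ack, data_offset, flags, 65535, 0, 0)


def parse_segment(raw):
    """Return the cleartext header fields visible to anyone who sees the packet."""
    if len(raw) < TCP_HDR.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, _win, _csum, _urg = TCP_HDR.unpack_from(raw)
    if (off >> 4) < 5:
        raise ValueError("data offset smaller than minimum header")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "syn": bool(flags & FLAG_SYN), "ack_flag": bool(flags & FLAG_ACK),
    }


def expected_final_ack(synack_raw):
    """ACK number that completes the handshake: server ISN + 1, modulo 2^32."""
    seg = parse_segment(synack_raw)
    if not (seg["syn"] and seg["ack_flag"]):
        raise ValueError("segment is not a SYN/ACK")
    return (seg["seq"] + 1) & 0xFFFFFFFF


# Constructed SYN/ACK: ports and ISN are made-up sample values.
SAMPLE_SYNACK = build_segment(8080, 40000, 0x1A2B3C4D, 1001, FLAG_SYN | FLAG_ACK)

if __name__ == "__main__":
    print(parse_segment(SAMPLE_SYNACK))
    print(hex(expected_final_ack(SAMPLE_SYNACK)))
```

A host that never sees this segment has no field to read and must supply the 32-bit value blind, which is the distinction the message draws between on-path and off-path positions.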

