Security Basics mailing list archives
RE: TCP vs UDP II
From: "charles lindsay" <frostbackeng () lycos com>
Date: Wed, 13 Nov 2002 16:26:21 -0500
Yes, google "TCP session hijacking". The possibilities are limited by your access to the network path between the endpoints. If you have share a LAN with one of the endpoints you can poison the ARP cache of the endpoint and insert a "MAC-layer" proxy, if you can tap the ONLY link between routers, you can insert a PHY layer proxy. If you are attacking from some random point in the network, the hijack is dependent on your ability to predict the ports and sequence numbers -- and you won't receive anthing sent by either endpoint -- but the fact that they will accept anything you send as coming from the other endpoint can be enough for a successful attack. ==========================
Dear list: It's possible that a intruder could take active part of a TCP connection after this was established? In UPD I know this is true because is a connectionless protocol. But I have doubts about TCP. Thanks
Pablo A. C. Gietz Jefe de Seguridad Informática Nuevo Banco de Entre Ríos S.A. Te.: 0343 - 4201351
__________________________________________________________ Outgrown your current e-mail service? Get 25MB Storage, POP3 Access, Advanced Spam protection with LYCOS MAIL PLUS. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
Current thread:
- TCP vs UDP II Pablo Gietz (Nov 13)
- Re: TCP vs UDP II Rooster (Nov 14)
- Re: TCP vs UDP II Steve Bremer (Nov 14)
- Contractors on Company Networks - Network segregation William Kupersanin (Nov 17)
- RE: Contractors on Company Networks - Network segregation Bill Lavalette (Nov 18)
- Contractors on Company Networks - Network segregation William Kupersanin (Nov 17)
- Re: TCP vs UDP II Alevizos Dimos (Nov 15)
- Re: TCP vs UDP II Donnie Tognazzini (Nov 18)
- <Possible follow-ups>
- RE: TCP vs UDP II Schouten, Diederik (Diederik) (Nov 14)
- RE: TCP vs UDP II Garbrecht, Frederick (Nov 14)
- RE: TCP vs UDP II charles lindsay (Nov 15)