Security Basics mailing list archives

RE: TCP vs UDP II

From: "charles lindsay" <frostbackeng () lycos com>
Date: Wed, 13 Nov 2002 16:26:21 -0500

Yes,

google "TCP session hijacking".

The possibilities are limited by your access to the network path between the endpoints.
If you have share a LAN with one of the endpoints you can poison the ARP cache of the endpoint and insert a "MAC-layer" 
proxy, if you can tap the ONLY link between routers, you can insert a PHY layer proxy.   If you are attacking from some 
random point in the network, the hijack is dependent on your ability to predict the ports and sequence numbers -- and 
you won't receive anthing sent by either endpoint -- but the fact that they will accept anything you send as coming 
from the other endpoint can be enough for a successful attack.

==========================

Dear list:
It's possible that a intruder could take active part of a TCP connection
after this was established?
In UPD I know this is true because is a connectionless protocol. But I have
doubts about TCP.
Thanks

Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351




__________________________________________________________
Outgrown your current e-mail service? Get 25MB Storage, POP3 Access,
Advanced Spam protection with LYCOS MAIL PLUS.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus

Current thread:

TCP vs UDP II Pablo Gietz (Nov 13)
- Re: TCP vs UDP II Rooster (Nov 14)
- Re: TCP vs UDP II Steve Bremer (Nov 14)
  - Contractors on Company Networks - Network segregation William Kupersanin (Nov 17)
    - RE: Contractors on Company Networks - Network segregation Bill Lavalette (Nov 18)
- Re: TCP vs UDP II Alevizos Dimos (Nov 15)
- Re: TCP vs UDP II Donnie Tognazzini (Nov 18)
- <Possible follow-ups>
- RE: TCP vs UDP II Schouten, Diederik (Diederik) (Nov 14)
- RE: TCP vs UDP II Garbrecht, Frederick (Nov 14)
- RE: TCP vs UDP II charles lindsay (Nov 15)