Security Basics mailing list archives
IP Session Hijacking And Spoofing
From: "LEHMANN, TODD" <TODLEH () SAFECO com>
Date: Tue, 19 Nov 2002 11:33:17 -0800
I have read some documentation on IP Spoofing, and from what I have read, it sounds like you must determine the sequence number of the host before you can spoof. However, I don't understand why you would have to determine the sequence if you are creating a new session with the host under a false IP. Wouldn't the creation of the new TCP session negotiate the sequence number at that time? I also failed to understand how the traffic gets back to you if you are telling it to respond to another host. Can someone shine some light on this for me? When it comes to session high-jacking, how does one go about determining the sequence number on a host that uses a random number seed to create the sequence? Is it some form of complex algorithms or is it just impossible unless you create the session? Todd Lehmann Systems Analyst I VPN Subject Matter Expert
Current thread:
- IP Session Hijacking And Spoofing LEHMANN, TODD (Nov 21)
- Re: IP Session Hijacking And Spoofing John Fastabend (Nov 22)
- RE: IP Session Hijacking And Spoofing Daniel R. Miessler (Nov 25)
- Re: IP Session Hijacking And Spoofing simsjs (Nov 25)
- Re: IP Session Hijacking And Spoofing Svetoslav Gyurov (Nov 26)
- <Possible follow-ups>
- RE: IP Session Hijacking And Spoofing Gene LeDuc (Nov 25)
- RE: IP Session Hijacking And Spoofing ALBEE,RUSSELL. S FC2 (CV63 CS5) (Nov 25)
- RE: IP Session Hijacking And Spoofing Svetoslav Gyurov (Nov 26)
- RE: IP Session Hijacking And Spoofing LEHMANN, TODD (Nov 26)
- RE: IP Session Hijacking And Spoofing John Fastabend (Nov 27)
- Re: IP Session Hijacking And Spoofing simsjs (Nov 26)