Bugtraq mailing list archives
Re: Router filtering not enough! (Was: Re: CERT advisory )
From: jim () math psu edu (Jim Duncan)
Date: Tue, 24 Jan 1995 18:01:33 -0500
Rens Troost writes:
This does not require spoofing or rource-routing, although the current attackers seem to be using spoofing and source routing, count on them to start using more pernicious methods soon.
The current attack does _not_ use source routing; the acknowledgements are never seen by the attackers. It wasn't mentioned in your recent letter, but they are _not_ hijacking an existing connection, either. Almost everybody I've talked to has assumed that source routing is used and an existing connection must be hijacked. Neither is correct in this attack. I made this assumption too, and "got corrected". :-) Dunno why the assumptions are so prevalent, but I assume we all read them in to some paper on the subject. In this case, the attackers start a new connection, and other than the initial probe, complete the attack entirely in the blind.
As has been pointed out, only network or transport-level encryption will entirely block these attacks.
That's correct. That and teach people the difference between identification and authentication. Jim
Current thread:
- Router filtering not enough! (Was: Re: CERT advisory ) Rens Troost (Jan 24)
- Sequence number spoofing, SunOS der Mouse (Jan 24)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Rens Troost (Jan 24)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Christian Wettergren (Jan 24)
- Re: Router filtering not enough! (Was: Re: CERT advisory ) Jim Duncan (Jan 24)