Firewall Wizards mailing list archives
Re: IP Spoofing.
From: Ivan Arce <core.lists.firewall-wizards () core-sdi com>
Date: 30 Sep 1999 18:01:47 -0300
Randy Witlicki wrote:
In the original blind IP spoofing (Mitnick, etc.) you had two big holes: - Predictable initial TCP sequence numbers, and; - Trust (as in /.rhosts) with no security perimeter. In the classic way of doing it, you do a "echo X.X.X.X > /.rhosts" as an rsh command in blind IP spoofing and then your host (X.X.X.X) is now trusted and you are free to rlogin, etc. (assuming there is no security perimeter). In a prudent setup with both cryptographically strong initial TCP sequence numbers (you don't need OpenBSD here, but it helps), and a good security perimeter, you should be immune from the "classic" attack.
just to add a bit... cryptographically strong ISNs is not enough if an attacker has the ability to inject source routed packets in to the victims network. he/she wont need to guess the ISN if he/she injects a source routed SYN.. still, good security at the perimeter prevents this -ivan -- "Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, It's nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce -------------------------------------------------------------------------------------------- Iván Arce <ivan () core-sdi com> Presidente CORE SDI S.A. Pte. Juan D. Peron 315 4to UF17 (1394) Buenos Aires, Argentina. TE/FAX: +54-11-43-31-54-02 +54-11-43-31-54-09 PGP fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A -------------------------------------------------------------------------------------------- --- For a personal reply use iarce () core-sdi com
Current thread:
- IP Spoofing. Christopher C. Petro (Sep 18)
- Re: IP Spoofing. William Stearns (Sep 19)
- Re: IP Spoofing. Tim Kramer (Sep 20)
- RE: IP Spoofing. Joseph Williams (Sep 20)
- Re: IP Spoofing. altellez (Sep 21)
- Re: IP Spoofing. Carric Dooley (Sep 28)
- Re: IP Spoofing. Randy Witlicki (Sep 29)
- Re: IP Spoofing. Paul D. Robertson (Sep 30)
- Re: IP Spoofing. Peter J. Kunz (Sep 30)
- Re: IP Spoofing. Ivan Arce (Sep 30)
- Re: IP Spoofing. Emiliano Kargieman (Sep 30)
- RE: IP Spoofing. Kurt Buff (Sep 30)
- RE: IP Spoofing. Rick Smith (Sep 30)
- Re: IP Spoofing. Randy Witlicki (Sep 29)
- <Possible follow-ups>
- Re: IP Spoofing. Steven M. Bellovin (Sep 19)
- Re: IP Spoofing. Robert Graham (Sep 21)