Full Disclosure mailing list archives

Re: A new TCP/IP blind data injection technique?

From: Jeff Kell <jeff-kell () utc edu>
Date: Fri, 12 Dec 2003 17:09:35 -0500

Stephen Frost wrote:

     As such, there seems to be a reason for some concern, even with
     random IP IDs, since it only takes one RFC-ignorant party for the
     attack against a session to succeed.



Is it possible the RSTs you're seeing are from firewalls which send an
RST due to rules in the firewall?  It could be that those 12 hosts
wouldn't actually accept a connection where the SYN packet has a zero

TCP checksum.

Many switches will not forward incorrect checksums. NAT devicesrecalculate checksums. Your mileage may vary.


Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

A new TCP/IP blind data injection technique? Michal Zalewski (Dec 10)
- Re: A new TCP/IP blind data injection technique? Kris Kennaway (Dec 10)
  - Re: A new TCP/IP blind data injection technique? Casper Dik (Dec 11)
- Re: A new TCP/IP blind data injection technique? Shachar Shemesh (Dec 11)
  - Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 11)
    - Re: A new TCP/IP blind data injection technique? Shachar Shemesh (Dec 11)
    - Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 11)
    - Re: A new TCP/IP blind data injection technique? Barney Wolff (Dec 12)
    - Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 12)
    - Re: A new TCP/IP blind data injection technique? Stephen Frost (Dec 12)
    - Re: A new TCP/IP blind data injection technique? Jeff Kell (Dec 12)
  - Re: A new TCP/IP blind data injection technique? Valdis . Kletnieks (Dec 11)
    - Re: A new TCP/IP blind data injection technique? Mikael Abrahamsson (Dec 11)
- RE: A new TCP/IP blind data injection technique? David Gillett (Dec 11)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 13)
  - Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 13)
  - Re: A new TCP/IP blind data injection technique? Valdis . Kletnieks (Dec 13)
    - Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 13)
    - Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 14)
    - Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 15)
    - Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 15)

(Thread continues...)