Full Disclosure mailing list archives
Re: A new TCP/IP blind data injection technique?
From: Jeff Kell <jeff-kell () utc edu>
Date: Fri, 12 Dec 2003 17:09:35 -0500
Stephen Frost wrote:
As such, there seems to be a reason for some concern, even with random IP IDs, since it only takes one RFC-ignorant party for the attack against a session to succeed.Is it possible the RSTs you're seeing are from firewalls which send an RST due to rules in the firewall? It could be that those 12 hosts wouldn't actually accept a connection where the SYN packet has a zeroTCP checksum.
Many switches will not forward incorrect checksums. NAT devices recalculate checksums. Your mileage may vary.
Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- A new TCP/IP blind data injection technique? Michal Zalewski (Dec 10)
- Re: A new TCP/IP blind data injection technique? Kris Kennaway (Dec 10)
- Re: A new TCP/IP blind data injection technique? Casper Dik (Dec 11)
- Re: A new TCP/IP blind data injection technique? Shachar Shemesh (Dec 11)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 11)
- Re: A new TCP/IP blind data injection technique? Shachar Shemesh (Dec 11)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 11)
- Re: A new TCP/IP blind data injection technique? Barney Wolff (Dec 12)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 12)
- Re: A new TCP/IP blind data injection technique? Stephen Frost (Dec 12)
- Re: A new TCP/IP blind data injection technique? Jeff Kell (Dec 12)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 11)
- Re: A new TCP/IP blind data injection technique? Kris Kennaway (Dec 10)
- Re: A new TCP/IP blind data injection technique? Mikael Abrahamsson (Dec 11)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 13)
- Re: A new TCP/IP blind data injection technique? Valdis . Kletnieks (Dec 13)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 13)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 14)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 15)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 15)