[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: jeff-kell at utc.edu (Jeff Kell)
Subject: Re: A new TCP/IP blind data injection technique?
Stephen Frost wrote:
>> As such, there seems to be a reason for some concern, even with
>> random IP IDs, since it only takes one RFC-ignorant party for the
>> attack against a session to succeed.
>
>
> Is it possible the RSTs you're seeing are from firewalls which send an
> RST due to rules in the firewall? It could be that those 12 hosts
> wouldn't actually accept a connection where the SYN packet has a zero
> TCP checksum.
Many switches will not forward incorrect checksums. NAT devices
recalculate checksums. Your mileage may vary.
Jeff
Powered by blists - more mailing lists