Open Source and information security mailing list archives
Message-ID: <BAY112-F18C0A8601C2254A037ADB699CD0@phx.gbl>
Date: Tue Apr 11 22:36:16 2006
From: ian.t7 at hotmail.co.uk (Ian stuart Turnbull)
Subject: info on ip spoofing please

Yee-hah! And there we have it in a nutshell. Such an easy answer when you know.
I'm in your debt for this. Many many thanks. Now I'll get some sleep tonight - great.
Best regards,
Ian t

>From: Valdis.Kletnieks@...edu
>To: Ian stuart Turnbull <ian.t7@...mail.co.uk>
>CC: bmenrigh@...d.edu, full-disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] info on ip spoofing please
>Date: Tue, 11 Apr 2006 17:11:53 -0400
>MIME-Version: 1.0
>Received: from turing-police.cc.vt.edu ([128.173.14.107]) by bay0-pamc1-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 11 Apr 2006 14:11:54 -0700
>Received: from turing-police.cc.vt.edu (localhost [127.0.0.1]) by turing-police.cc.vt.edu (8.13.6/8.13.6) with ESMTP id k3BLBrYM022370; Tue, 11 Apr 2006 17:11:53 -0400
>X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPtfpLB7P/ybN8=
>X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.1-RC3
>References: <BAY112-F317806DFA70F524FB8414599CD0@....gbl>
>Return-Path: Valdis.Kletnieks@...edu
>X-OriginalArrivalTime: 11 Apr 2006 21:11:55.0180 (UTC) FILETIME=[8F9C96C0:01C65DAC]
>
>On Tue, 11 Apr 2006 21:54:50 BST, Ian stuart Turnbull said:
> > Excellent response Brendon. Thanks heaps.
> > I was reading the infamous Markoff / Tsutomu Shimomura attack at
>
>That was *Mitnick*, not Markoff - Markoff wrote a book or 3 about it later.
>
> > http://www.totse.com/en/hack/hack_attack/hacker03.html
> >
> > and I guess I assumed that as they did not know each other personally then Markoff must have found a way to locate 2 computers conversing with each other randomly? Perhaps this assumption was not correct?
> > Though from the test it appears Markoff DID find a way of doing this - ie, finding 2 computers talking to each other NOT on his own LAN / network???
>
>Well, at that time, it was a pretty good guess that if you found hostnames george.site.dom, paul.site.dom, john.site.dom, and ringo.site.dom, and all 4 had rsh enabled, that there was a lot of rsh traffic between them, and likely a .rhost trust between them so you wouldn't need a password....
>
>And what Mitnick's attack did *wasn't* finding 2 computers *talking*.
>In fact, the attack relied on finding a trusted computer *not* talking (or
>making it not talk).
>
>What he did was:
>
>1) Bash george.site.dom over the head with SYN packets to make it STFU.
>2) Send paul.site.dom a forged SYN packet claiming to be from george.
>3) Paul sends a syn/ack to george, who can't send an RST because it's STFU.
>4) send a forged ACK for the syn/ack claiming to be from george.
>5) Send the rest of the TCP datastream.
>
>The only tough part is knowing what ISN will be on the syn/ack so you can ack it properly - and in that day, just poking its 'finger' port or something, noting *that* ISN, and adding 32K or similar constant was almost guaranteed to work.



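The five steps and the ISN guess in the quoted reply, as an added example that is not part of the thread (editor's code, not Valdis's and not a reconstruction of Mitnick's tooling): an in-memory model of two hosts with a .rhosts trust and a blind attacker. The hostnames george and paul come from the mail; the 32768 step, the attacker's address, the sequence numbers and the whoami payload are assumptions of the model, and a silenced flag stands in for the SYN flood of step 1. It runs three scenarios: the attack as described, the same attack with george left able to answer (its RST to the unsolicited SYN/ACK tears down the half-open connection), and the attack against a target that picks random ISNs.

```python
"""Blind TCP spoofing by ISN prediction, modelled in memory (no real packets).
george (trusted) and paul (target) are the mail's names; the rest is assumed."""
import random
from collections import namedtuple

STEP = 32768      # assumed per-connection ISN increment ("32K or similar constant")
MASK = 0xFFFFFFFF

# flags is one of "S", "SA", "A", "R", "PA"
Segment = namedtuple("Segment", "src dst flags seq ack payload", defaults=(0, 0, b""))

class PredictableISN:
    """Old-style generator: previous ISN plus a fixed step, so one observed
    ISN reveals the next one."""
    def __init__(self, start=1_000_000):
        self.next = start
    def __call__(self):
        isn, self.next = self.next, (self.next + STEP) & MASK
        return isn

def random_isn(seed=7):
    """Modern behaviour: unpredictable ISNs (seeded only for repeatability)."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(32)

class Host:
    """Tiny TCP responder; data from an established peer listed in .rhosts is
    accepted as a passwordless rsh command."""
    def __init__(self, name, isn_gen, rhosts=()):
        self.name, self.isn, self.rhosts = name, isn_gen, set(rhosts)
        self.pending = {}          # peer -> ISN we put in our SYN/ACK
        self.established = set()
        self.silenced = False      # stands in for "SYN-flooded, backlog full"
        self.inbox, self.outbox, self.commands = [], [], []
    def reply(self, to, flags, **kw):
        self.outbox.append(Segment(self.name, to, flags, **kw))
    def receive(self, seg):
        if self.silenced:                                  # step 1: george is STFU
            return
        self.inbox.append(seg)
        if seg.flags == "S":                               # step 3: answer the SYN
            self.pending[seg.src] = isn = self.isn()
            self.reply(seg.src, "SA", seq=isn, ack=(seg.seq + 1) & MASK)
        elif seg.flags == "SA":                            # SYN/ACK we never asked for:
            self.reply(seg.src, "R", seq=seg.ack)          # a live host resets it
        elif seg.flags == "A" and seg.src in self.pending:
            if seg.ack == (self.pending[seg.src] + 1) & MASK:   # step 4: right guess
                self.established.add(seg.src)
            else:
                self.reply(seg.src, "R", seq=seg.ack)      # wrong guess, torn down
            del self.pending[seg.src]
        elif seg.flags == "R":
            self.pending.pop(seg.src, None)
            self.established.discard(seg.src)
        elif seg.flags == "PA" and seg.src in self.established:
            if seg.src in self.rhosts:                     # step 5: trusted data
                self.commands.append(seg.payload)

class Network:
    """Routes by destination name and drains every reply; source addresses are
    never checked, which is the whole bug."""
    def __init__(self, *hosts):
        self.hosts = {h.name: h for h in hosts}
    def send(self, seg):
        queue = [seg]
        while queue:
            s = queue.pop(0)
            host = self.hosts[s.dst]
            host.receive(s)
            queue.extend(host.outbox)
            host.outbox.clear()

def spoof_trusted_connection(net, me, target, trusted, payload=b"whoami"):
    """Run the attack; True if target accepted payload as coming from trusted."""
    # The "only tough part": open a real connection from our own address (the
    # mail's finger-port poke), read the ISN in the SYN/ACK, add the step.
    net.send(Segment(me.name, target.name, "S", seq=1000))
    probe = next(s for s in me.inbox if s.flags == "SA")
    guess = (probe.seq + STEP) & MASK
    # Steps 2, 4 and 5 with the trusted host's address as source.  The SYN/ACK
    # of step 3 goes to the trusted host, so we never see it and must guess.
    net.send(Segment(trusted.name, target.name, "S", seq=5000))
    net.send(Segment(trusted.name, target.name, "A", seq=5001, ack=(guess + 1) & MASK))
    net.send(Segment(trusted.name, target.name, "PA", seq=5001,
                     ack=(guess + 1) & MASK, payload=payload))
    return payload in target.commands

def scenario(isn_factory, silence_trusted):
    paul = Host("paul", isn_factory(), rhosts={"george"})
    george = Host("george", isn_factory())
    george.silenced = silence_trusted                      # step 1 (or skipped)
    attacker = Host("attacker", isn_factory())
    return spoof_trusted_connection(Network(paul, george, attacker), attacker, paul, george)

def run_scenarios():
    return {
        "predictable_isn_george_silenced": scenario(PredictableISN, True),
        "predictable_isn_george_answering": scenario(PredictableISN, False),
        "random_isn_george_silenced": scenario(random_isn, True),
    }
```

run_scenarios() maps each scenario to whether paul accepted the spoofed command; only the first should come back True. What the model makes concrete is the mail's point: the forged exchange needs nothing from george except its silence, and nothing from paul except a guessable ISN. The two fixes that followed are random ISNs (RFC 6528) and the end of rsh-style address-based trust.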