lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Oct 2007 12:41:37 +0400 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Valdis.Kletnieks@...edu Cc: Oliver <olivereatsolives@...il.com>, full-disclosure@...ts.grok.org.uk Subject: Re: TCP Hijacking (aka Man-in-the-Middle) Dear Valdis.Kletnieks@...edu, During blind TCP spoofing you can send data, but you can not receive one. That's why it's blind. The general idea is to insert some data, e.g. commands into telnet session or HTTP request into established TCP connection. Usually, you have only one packet to insert, because, after connection is spoofed, sequence number go out of order and hijacked side will reply with RST (unless you can blindly guess both sequence numbers and predict the moment another side will sent some data with accuracy of approximately 100ms. In this case both sides can consider extra packet as a duplicate and ignore it). So, generally, 1. there is no reason to spoof both connections. 2. it's only possible if sequence number is 100% (or close to 100%) predictable. --Friday, October 26, 2007, 1:14:23 AM, you wrote to 3APA3A@...URITY.NNOV.RU: VKve> On Fri, 26 Oct 2007 00:43:10 +0400, 3APA3A said: >> Randomized ISN doesn't protect against MitM. VKve> Doing a MitM is basically just spoofing two connections at the VKve> same time. If you know how to do one, you know how to do two. And VKve> if you know how to do one of them *blind*, it vastly increases VKve> your options (as you only need to be able to see the traffic in VKve> one direction rather than both). -- ~/ZARAZA http://securityvulns.com/ Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его прочитать. (Твен) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists