Bugtraq archives for 1st quarter (Jan-Mar) 1995: Re: address spoof/no return packets

Re: address spoof/no return packets

Christopher Klaus (cklausshadow.net)
Mon, 23 Jan 1995 21:00:13 -0500 (EST)

> 
> 
> CERT Advisory CA-95:01 states:
> "It is important to note that the described attack is possible even if no
> reply packets can reach the attacker."
> 
> How can this be?

If you simulate a connection from a trusted host and trusted account to
something like the rsh port with the following command:

echo "+ +" > .rhosts

The attacker doesn't need to see the reply packets, but now he/she is
able to rlogin/rsh in from anywhere. 


-- 
Christopher William Klaus	Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc.		Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
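
A defensive check for the entry the reply describes, as an added example that is not part of the original post: a POSIX shell audit that flags bare "+" wildcard trust entries in an rhosts-style file. The function names, the sample file contents and the treatment of "#" as a comment marker are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag wildcard trust entries in rhosts-style files.
# Entry format: "host [user]". A bare "+" in either field matches anything,
# so "+ +" trusts every user on every host.

# classify_rhosts_line LINE
# Prints wildcard-both, wildcard-host, wildcard-user or ok.
# Only a bare "+" is flagged; "+@netgroup" and "-host" entries print ok.
classify_rhosts_line() {
    line=${1%%#*}          # assumption: text after '#' is a comment
    set -f                 # no filename expansion while splitting fields
    set -- $line
    set +f
    host=${1:-} user=${2:-}
    case "$host/$user" in
        +/+) echo wildcard-both ;;
        +/*) echo wildcard-host ;;
        */+) echo wildcard-user ;;
        *)   echo ok ;;
    esac
}

# audit_rhosts_file FILE
# Prints one "FILE:LINENO: verdict: entry" line per wildcard entry.
audit_rhosts_file() {
    n=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        n=$((n + 1))
        verdict=$(classify_rhosts_line "$entry")
        [ "$verdict" = ok ] || printf '%s:%d: %s: %s\n' "$1" "$n" "$verdict" "$entry"
    done < "$1"
}

# Constructed sample input: one ordinary entry, then the "+ +" entry.
sample=$(mktemp)
printf '%s\n' 'trusted.example.com alice' '+ +' > "$sample"
audit_rhosts_file "$sample"
rm -f "$sample"
```

To sweep a system, run audit_rhosts_file over each user's .rhosts and over /etc/hosts.equiv.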