|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: A new TCP/IP blind data injection technique?
From: Casper Dik (casper
holland.sun.com)
Date: Thu Dec 11 2003 - 11:17:41 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>On Thu, Dec 11, 2003 at 12:28:28AM +0100, Michal Zalewski wrote:
>
>> 2. Random IP ID numbers, a feature of some systems (OpenBSD?), although also
>> risky (increasing reassembly collission probability), make the attack
>> more difficult.
>
>FreeBSD also has the option of randomizing the IP ID.
Solaris uses a different IP ID sequence for each system it
communicates with; you'll need to be able to see the packets
go by (in which case TCP splicing is child's play).
Casper
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]