Re: [Dailydave] DNS Guess 2 for the day

From: Marc Heuse (mhbaseline-security.de)
Date: Mon Jul 14 2008 - 07:57:45 CDT


Jon Oberheide wrote:
> On Sun, 2008-07-13 at 20:09 -0700, piggly wiggly wrote:
>> Basically it has to do with ICMP packets (spoofed ICMP unreachables sent
>> in response to DNS packets the attacker can't see, but can guess - thanks
>> to non-random port selection).
>
> Or ICMP redirect messages for that matter (although I'd hope most sane
> distributions are shipping with accept_redirects off by default
> nowadays).

most distributions ship with secure redirects enabled - which is not
"secure" in a sensible way ;-)

> So the attacker would have to guess the 16-bit IP ID correctly to have
> his ICMP unreachable accepted which would be just as difficult as
> guessing the DNS TXID. Stacks that still use incremental IP ID
> generation could be affected, however.

thankfully IP IDs were removed in IPv6 ...

Cheers,
Marc

--
Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 28097468
www.baseline-security.de

Baseline Security Consulting
Chausseestr. 15
10115 Berlin

Ust.-Ident.-Nr.: DE244222388
PGP: D069 301E B401 828C 4E72 0BEA D9C9 6088 36F2 A05E
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
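
The redirect settings mentioned in this message can be audited per interface. The following is an added example, not part of the original thread: it applies the combination rules documented in the Linux kernel's ip-sysctl documentation (accept_redirects is ANDed with the "all" value on forwarding interfaces and ORed otherwise; secure_redirects is always ORed) to `sysctl -a`-style input. The function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input: `sysctl -a`-style lines on stdin.
# Output: one line per interface with the effective redirect settings.
effective_redirects() {
    awk -F'[ =]+' '
    /^net\.ipv4\.conf\.[^.]+\.(accept_redirects|secure_redirects|forwarding) *=/ {
        split($1, p, ".")                 # p[4] = interface, p[5] = setting
        v[p[4], p[5]] = $2 + 0
        if (p[4] != "all" && p[4] != "default") ifs[p[4]] = 1
    }
    END {
        for (i in ifs) {
            a_all = v["all", "accept_redirects"]; a_if = v[i, "accept_redirects"]
            # Forwarding interface: both must be set. Host interface: either one.
            acc = v[i, "forwarding"] ? (a_all && a_if) : (a_all || a_if)
            # secure_redirects is on if either the "all" or the interface value is set.
            sec = (v["all", "secure_redirects"] || v[i, "secure_redirects"])
            printf "%s accept_redirects=%d secure_redirects=%d\n", i, acc, sec
        }
    }' | sort
}

# Constructed sample input: eth0 is a host interface, eth1 is forwarding.
sample_sysctl() {
    cat <<'EOF'
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.accept_redirects = 1
net.ipv4.conf.eth1.secure_redirects = 0
net.ipv4.conf.eth1.forwarding = 1
EOF
}

sample_sysctl | effective_redirects
```

On a live Linux host, feed it real values with `sysctl -a 2>/dev/null | effective_redirects`; note that setting only `net.ipv4.conf.all.accept_redirects = 0` does not disable redirects on a non-forwarding interface whose own value is still 1.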