Re: IP Spoofing.

Emiliano Kargieman (core.lists.firewall-wizardscore-sdi.com)
1 Oct 1999 19:39:49 -0300

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Hardcastle, Kevin: "RE: BigIP controller - any issues?"
• Previous message: Anton J Aylward: "Using DHCP (was RE: IP Spoofing)"
• In reply to: Robert Graham: "RE: IP Spoofing."

Robert Graham wrote:

> The detection of who it was involved simply looking back through the router
> logs. For ISN prediction to work, you have to get the ISN. It's fairly easy to
> track back who retrieved the ISN previous to the one being predicted.
>
> Rob.
>

Not so easy, you can only track it down to somebody with the ability to sniff
packets somewhere in the path the SYN+ACK packet took back.
The SYN used for retrieving the ISN could also be spoofed.

--
===================[ CORE Seguridad de la Informacion S.A. ]=======================
Emiliano Kargieman                                  emiliano_kargiemancore-sdi.com
Director de Investigacion                                          www.core-sdi.com
Corelabs
Pte. Juan D. Peron 315 Piso 4 UF 17
Buenos Aires, (1038). Argentina.                      Tel/Fax : +(54.11)43.31.54.02
===================================================================================
"When I was younger, I could remember anything, whether it had happened or not;
 but my faculties are decaying now and soon I shall be so I cannot remember any
 but the things that never happened. It is sad to go to pieces like this but we all
 have to do it." -- Mark Twain
"La maxima adquisicion psicologica del mundo portenio es la absoluta insumision de
las
nuevas generaciones" -- Florencio Escardo
--- For a personal reply use emiliano_kargiemancore-sdi.com

• Next message: Hardcastle, Kevin: "RE: BigIP controller - any issues?"
• Previous message: Anton J Aylward: "Using DHCP (was RE: IP Spoofing)"
• In reply to: Robert Graham: "RE: IP Spoofing."

This archive was generated by hypermail 2.0b3 on Sat Oct 02 1999 - 19:19:41 CDT