Exploit-Dev Archives: Re: forged packets?

Re: forged packets?


ctor (ctorKRIXOR.XY.ORG)
Mon, 25 Oct 1999 19:41:06 +0200


On Mon, 25 Oct 1999, Kelvin Fu wrote:

> IMPACT
> Any local user can send any packet to any host from most Linux

> AFAIK, a local user ( root?) on a linux system if running nmap is able
> to perform decoy scans with the -D option. This option enables a user to
> 'spoof' his/her IP address to that of another host which will result in
> the spoofed IP to appear to be scanning the victim. If I'm not wrong,
> doesn't this ability to be able to spoof IP addresses coincide with the
> 'user-rawip-attack' vulnerability addressed by Marc?

for nmap -D, the local user should be root or someone with privileges
enough to open a raw socket.. his advisory says 'Any local user'..

However, the advisory is just mentioning sending packets out.. I can't see how
this possibly can affect TCP-services relying on IP-address authentication
unless it's also possible to peek at incoming packets..??

~~~<*>~~~

Web: http://elemental.webservices.se/ ICQ: 3534707
PGP: `finger ctorsangis.kalix.net` IRCnet: ctor

~~~<*>~~~
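
The privilege requirement mentioned in the reply above, as an added example that is not part of the original post: on Linux, opening a raw socket requires the CAP_NET_RAW capability, so a defender can list which processes hold it by reading the CapEff mask from /proc/<pid>/status. The sample status excerpts are constructed, and the function names are assumptions of this example.

```python
import os

CAP_NET_RAW = 13  # bit index of CAP_NET_RAW in linux/capability.h

# Constructed /proc/<pid>/status excerpts (not real captures).
SAMPLE_ROOT = "Name:\tnmap\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SAMPLE_USER = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
SAMPLE_PING = "Name:\tping\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n"


def parse_status(text):
    """Return (name, effective uid, CapEff mask) from status-file text."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    name = fields["Name"].strip()
    # Uid line order is: real, effective, saved, filesystem.
    euid = int(fields["Uid"].split()[1])
    cap_eff = int(fields["CapEff"].strip(), 16)
    return name, euid, cap_eff


def holds_cap_net_raw(text):
    """True if the process described by this status text may open raw sockets."""
    _, _, cap_eff = parse_status(text)
    return bool((cap_eff >> CAP_NET_RAW) & 1)


def audit_proc(root="/proc"):
    """List (pid, name, euid) for every live process holding CAP_NET_RAW."""
    hits = []
    for entry in os.listdir(root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(root, entry, "status")) as fh:
                text = fh.read()
            name, euid, _ = parse_status(text)
            if holds_cap_net_raw(text):
                hits.append((int(entry), name, euid))
        except (OSError, KeyError, ValueError, IndexError):
            continue  # process exited, unreadable, or unexpected format
    return sorted(hits)


if __name__ == "__main__":
    for pid, name, euid in audit_proc():
        flag = "" if euid == 0 else "  <- non-root with raw-socket rights"
        print(f"{pid:>7} {name:<20} euid={euid}{flag}")
```

The constructed `ping` sample shows the case worth reviewing in an audit: a non-root process whose effective set still carries CAP_NET_RAW.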



This archive was generated by hypermail 2.0b3 on Mon Oct 25 1999 - 23:15:24 CDT