I'd like to thank everyone for their responses. It took me a few days to
process all that and play around with those fancy tools. I think I hacked
this protocol, or at least manipulated it in a way it was designed not to.
It's likely that this is a trivial matter since the protocol is not used for
Thanks for all the great resources. That took me quite a few days to digest
and play with.
I am not deploying this in a switched environment. It's for a demo and the
victim's machine is a virtual machine in VMware hosted on the attacker's
machine (mine). The victim's connection is through
Dear [EMAIL PROTECTED],
During blind TCP spoofing you can send data, but you cannot receive
any. That's why it's blind. The general idea is to insert some data,
e.g. commands into a telnet session or an HTTP request into an established TCP
connection. Usually, you have only one packet to
hi,
there's a possibility there - but if you're on the same network and
there is no separation protection then there are lots of other
tools and methods that could be used to stick your box as a man-in-the-middle.
If you're new or unsure you need to look for, e.g., gratuitous ARP, ARP poisoning,
Cain & Abel... a
On Fri, 26 Oct 2007 12:41:37 +0400, 3APA3A said:
So, generally, 1. there is no reason to spoof both connections. 2. it's
Thank you, Captain Obvious - I specifically *said* that only one of them
needs to be blind spoofing.
only possible if sequence number is 100% (or close to 100%)
Dear [EMAIL PROTECTED],
> Thank you, Captain Obvious - I specifically *said* that only one of them
> needs to be blind spoofing.
There is a difference between "you needn't" and "you can't" and "you
won't". You say you needn't spoof another one. I say you won't and you
can't.
> And
Thank you, Captain Obvious - I specifically *said* that only one of them
needs to be blind spoofing.
only possible if sequence number is 100% (or close to 100%) predictable.
And Michal Zalewski's work showed that even on many boxes that *claim*
to have RFC1948 randomization, you can do
Seriously. Enough with the IRC ass kissing.
On 10/26/07, don bailey [EMAIL PROTECTED] wrote:
Thank you, Captain Obvious - I specifically *said* that only one of them
needs to be blind spoofing.
only possible if sequence number is 100% (or close to 100%) predictable.
And Michal
Hello,
I have been searching all over the place to find an answer to this question,
but Google has made me feel unlucky these last few days. I hope I could find
more expertise here. The burning question I have been pondering over is -
could TCP connections be hijacked both ways? I know there are
Hi, I am sorry to hear you just woke from your coma. It is now 2007, not 1995.
On 10/25/07, Oliver [EMAIL PROTECTED] wrote:
Hello,
I have been searching all over the place to find an answer to this question,
but Google has made me feel unlucky these last few days. I hope I could find
more
Ouch.
Have some mercy on a second year computer engineering student? :)
On 10/25/07, reepex [EMAIL PROTECTED] wrote:
Hi, I am sorry to hear you just woke from your coma. It is now 2007, not
1995.
On 10/25/07, Oliver [EMAIL PROTECTED] wrote:
Hello,
I have been searching all over the
On Thu, 25 Oct 2007 10:09:47 PDT, Oliver said:
I have been searching all over the place to find an answer to this question,
but Google has made me feel unlucky these last few days. I hope I could find
more expertise here. The burning question I have been pondering over is -
could TCP
It would cause an ACK storm. If you can sniff the connection and if the
connection uses TCP Timestamps (RFC1323) then you can hijack the connection
really easily. You take advantage of PAWS (Protection Against Wrapped
Sequence numbers). In every packet you send the other guy your timestamp
and
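The ACK storm and the PAWS rule the message refers to, modelled as an added example that is not part of the original post: a toy endpoint implementing the RFC 793 rules "unacceptable segment: ACK it and drop it" and "ACK of unsent data: ACK it and drop it", plus the RFC 1323 section 4.2.1 PAWS rule "TSval older than TS.Recent: ACK it and drop it". `Endpoint`, `Segment`, `exchange()` and `scenario()` are names introduced here, all sequence numbers, timestamp clocks and payloads are constructed, and the attacker is assumed to have sniffed the live numbers (the post's "if you can sniff the connection").

```python
"""Toy TCP endpoint reproducing the ACK storm and the PAWS check from the
message above.  Added example, not code from the original thread.  It
implements the RFC 793 rules "unacceptable segment: ACK it and drop it"
and "ACK of unsent data: ACK it and drop it", plus the RFC 1323 4.2.1 PAWS
rule "TSval older than TS.Recent: ACK it and drop it".  All sequence
numbers, clocks and payloads are constructed sample values; the reply-ACK
rate limiting real stacks apply is left out."""
from dataclasses import dataclass, field
from typing import List, Optional

MOD = 1 << 32


def before(a: int, b: int) -> bool:
    """a < b in 32-bit modular arithmetic (used for both SEQ and TSval)."""
    return (a - b) % MOD >= MOD >> 1


@dataclass
class Segment:
    seq: int
    ack: int
    payload: bytes = b""
    tsval: Optional[int] = None      # None when the connection has no timestamps


@dataclass
class Endpoint:
    name: str
    snd_nxt: int
    rcv_nxt: int
    timestamps: bool
    clock: int = 1000
    rcv_wnd: int = 65535
    ts_recent: Optional[int] = None
    delivered: List[bytes] = field(default_factory=list)
    paws_drops: int = 0
    window_drops: int = 0
    bad_acks: int = 0

    def ack_segment(self) -> Segment:
        """Pure ACK with our current state and, if enabled, our timestamp clock."""
        self.clock += 1
        return Segment(self.snd_nxt, self.rcv_nxt, b"", self.clock if self.timestamps else None)

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Process one incoming segment; return the reply we would send, if any."""
        # PAWS: a stale timestamp is rejected before any sequence-number logic.
        if (self.timestamps and self.ts_recent is not None and seg.tsval is not None
                and before(seg.tsval, self.ts_recent)):
            self.paws_drops += 1
            return self.ack_segment()
        # RFC 793 acceptability: SEG.SEQ must lie in [RCV.NXT, RCV.NXT + RCV.WND).
        if (seg.seq - self.rcv_nxt) % MOD >= self.rcv_wnd:
            self.window_drops += 1
            return self.ack_segment()
        if self.timestamps and seg.tsval is not None and seg.seq == self.rcv_nxt:
            self.ts_recent = seg.tsval           # RFC 1323 4.2.2: track newest TSval
        if before(self.snd_nxt, seg.ack):        # ACK for data we never sent
            self.bad_acks += 1
            return self.ack_segment()
        if seg.payload and seg.seq == self.rcv_nxt:   # in-order data only, no reassembly
            self.delivered.append(seg.payload)
            self.rcv_nxt = (self.rcv_nxt + len(seg.payload)) % MOD
            return self.ack_segment()
        return None                              # ordinary in-window ACK: no reply


def exchange(first: Segment, to: Endpoint, other: Endpoint, max_steps: int = 40) -> int:
    """Deliver `first` to `to`, bounce replies between the two until one side
    stays silent or max_steps is hit; returns the number of segments processed."""
    seg, dst, src = first, to, other
    steps = 0
    while seg is not None and steps < max_steps:
        seg = dst.receive(seg)
        dst, src = src, dst
        steps += 1
    return steps


def scenario(timestamps: bool):
    """Legitimate data exchange, then a hijacker's injection into that connection."""
    client = Endpoint("client", snd_nxt=1000, rcv_nxt=2000, timestamps=timestamps, clock=100)
    server = Endpoint("server", snd_nxt=2000, rcv_nxt=1000, timestamps=timestamps, clock=5000)
    client.snd_nxt += 4                          # client sends 4 bytes of data ...
    quiet = exchange(Segment(1000, 2000, b"ls\r\n", 101 if timestamps else None), server, client)
    # Attacker sniffed the live numbers and forges the client: in-window seq,
    # valid ack and, with timestamps, a TSval far ahead of the server's TS.Recent.
    forged = Segment(client.snd_nxt, server.snd_nxt, b"id\r\n",
                     server.ts_recent + 1_000_000 if timestamps else None)
    storm = exchange(forged, server, client)
    return quiet, storm, client, server


if __name__ == "__main__":
    for ts in (False, True):
        quiet, storm, c, s = scenario(ts)
        print(f"timestamps={ts}: normal exchange {quiet} segments, after injection {storm};",
              f"server paws_drops={s.paws_drops} window_drops={s.window_drops}, client bad_acks={c.bad_acks}")
```

The legitimate exchange goes quiet after two segments. Once the forged data is accepted, every server ACK acknowledges bytes the client never sent, so the client answers with an ACK, which the server in turn finds unacceptable: without timestamps by the window test (its seq is now behind RCV.NXT), with timestamps already by PAWS, because the attacker's inflated TSval has become the server's TS.Recent and every genuine client segment now looks stale. The two keep bouncing ACKs until the step cap; real stacks rate-limit these reply ACKs, which the model does not.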
Valdis, you should go back to the Cretaceous period, because Oliver is talking
about a man-in-the-middle attack, not about blind TCP spoofing.
Randomized ISN doesn't protect against MitM.
--Thursday, October 25, 2007, 9:40:53 PM, you wrote to [EMAIL PROTECTED]:
> On Thu, 25 Oct 2007
On Fri, 26 Oct 2007 00:43:10 +0400, 3APA3A said:
Valdis, you should go back to the Cretaceous period, because Oliver is talking
about a man-in-the-middle attack, not about blind TCP spoofing.
Randomized ISN doesn't protect against MitM.
Doing a MitM is basically just spoofing two