mailing list archives
Re: TCP vs UDP II
From: Rooster <rooster () attrition org>
Date: Thu, 14 Nov 2002 09:41:43 -0500 (EST)
i believe you are asking if it is possible to hijack a TCP session. is
this correct? absolutely it is possible, it is just a matter of spoofing
the mechanics for maintaining the session, the syn/ack numbers.
let it be a lesson to you. using a non security feature to provide you
with security is a very bad idea. the sesion integrity feature of tcp was
never meant as a security measure, don't use it as such.
On Wed, 13 Nov 2002, Pablo Gietz wrote:
It's possible that a intruder could take active part of a TCP connection
after this was established?
In UPD I know this is true because is a connectionless protocol. But I have
doubts about TCP.
Pablo A. C. Gietz
Jefe de Seguridad Inform?tica
Nuevo Banco de Entre R?os S.A.
Te.: 0343 - 4201351