Home page logo
/

basics logo Security Basics mailing list archives

Re: TCP vs UDP II
From: Rooster <rooster () attrition org>
Date: Thu, 14 Nov 2002 09:41:43 -0500 (EST)

i believe you are asking if it is possible to hijack a TCP session.  is
this correct?  absolutely it is possible, it is just a matter of spoofing
the mechanics for maintaining the session, the syn/ack numbers.

<rant>
let it be a lesson to you.  using a non security feature to provide you
with security is a very bad idea.  the sesion integrity feature of tcp was
never meant as a security measure, don't use it as such.
</rant>

On Wed, 13 Nov 2002, Pablo Gietz wrote:

Dear list:
It's possible that a intruder could take active part of a TCP connection
after this was established?
In UPD I know this is true because is a connectionless protocol. But I have
doubts about TCP.
Thanks

Pablo A. C. Gietz
Jefe de Seguridad Inform?tica
Nuevo Banco de Entre R?os S.A.
Te.: 0343 - 4201351




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault