Home page logo

basics logo Security Basics mailing list archives

From: "charles lindsay" <frostbackeng () lycos com>
Date: Wed, 13 Nov 2002 16:26:21 -0500


google "TCP session hijacking".

The possibilities are limited by your access to the network path between the endpoints.
If you have share a LAN with one of the endpoints you can poison the ARP cache of the endpoint and insert a "MAC-layer" 
proxy, if you can tap the ONLY link between routers, you can insert a PHY layer proxy.   If you are attacking from some 
random point in the network, the hijack is dependent on your ability to predict the ports and sequence numbers -- and 
you won't receive anthing sent by either endpoint -- but the fact that they will accept anything you send as coming 
from the other endpoint can be enough for a successful attack.


Dear list:
It's possible that a intruder could take active part of a TCP connection
after this was established?
In UPD I know this is true because is a connectionless protocol. But I have
doubts about TCP.

Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351

Outgrown your current e-mail service? Get 25MB Storage, POP3 Access,
Advanced Spam protection with LYCOS MAIL PLUS.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]