RE: TCP vs UDP II
From: "charles lindsay" <frostbackeng () lycos com>
Date: Wed, 13 Nov 2002 16:26:21 -0500
Google "TCP session hijacking".
The possibilities are limited by your access to the network path between the endpoints.
If you share a LAN with one of the endpoints you can poison the ARP cache of the endpoint and insert a "MAC-layer"
proxy; if you can tap the ONLY link between routers, you can insert a PHY layer proxy. If you are attacking from some
random point in the network, the hijack is dependent on your ability to predict the ports and sequence numbers -- and
you won't receive anything sent by either endpoint -- but the fact that they will accept anything you send as coming
from the other endpoint can be enough for a successful attack.
Is it possible that an intruder could take an active part in a TCP connection
after it was established?
In UDP I know this is true because it is a connectionless protocol. But I have
doubts about TCP.
Pablo A. C. Gietz
Head of Information Security
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
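Added example, not part of the original messages: a simplified model of the receiver-side checks behind the reply's point that an off-path sender must predict the ports and sequence numbers, and of how unpredictable source ports and sequence numbers shrink the odds of a blind segment being accepted. The names, the 192.0.2.x addresses and all values are constructed for illustration; real stacks apply further checks.

```python
# Added illustration: simplified TCP segment acceptance, not a full RFC 793 state machine.
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Connection:
    """State one endpoint keeps for an established connection (constructed values)."""
    local: tuple   # (ip, port) of this endpoint
    remote: tuple  # (ip, port) of the peer
    rcv_nxt: int   # next sequence number expected from the peer
    rcv_wnd: int   # receive window size in bytes


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), computed modulo 2**32."""
    return (seq - rcv_nxt) % SEQ_MOD < rcv_wnd


def accepts(conn, src, dst, seq):
    """A segment is first matched on the address/port 4-tuple, then on its sequence number."""
    return (src, dst) == (conn.remote, conn.local) and in_window(seq, conn.rcv_nxt, conn.rcv_wnd)


def blind_guess_odds(rcv_wnd, candidate_ports):
    """Chance that one segment is accepted when its sender cannot observe the
    connection and both source port and sequence number are uniformly unpredictable."""
    return (rcv_wnd / SEQ_MOD) / candidate_ports


if __name__ == "__main__":
    # Constructed connection whose expected sequence number sits just before the wrap.
    conn = Connection(local=("192.0.2.10", 443), remote=("192.0.2.20", 51000),
                      rcv_nxt=SEQ_MOD - 100, rcv_wnd=65536)
    peer, me = conn.remote, conn.local
    print("in-window after wrap :", accepts(conn, peer, me, 50))
    print("stale sequence number:", accepts(conn, peer, me, conn.rcv_nxt - 1))
    print("wrong source port    :", accepts(conn, ("192.0.2.20", 51001), me, 50))
    # Known port vs. a port drawn from a 16384-port ephemeral range (assumed size).
    print("odds, port known     :", blind_guess_odds(conn.rcv_wnd, 1))
    print("odds, port random    :", blind_guess_odds(conn.rcv_wnd, 16384))
```

The larger the window and the more predictable the port and sequence numbers, the closer those odds get to certainty, which is why randomized initial sequence numbers and ephemeral ports matter for connections that cross untrusted paths.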