Home page logo
/

basics logo Security Basics mailing list archives

IP Session Hijacking And Spoofing
From: "LEHMANN, TODD" <TODLEH () SAFECO com>
Date: Tue, 19 Nov 2002 11:33:17 -0800

I have read some documentation on IP Spoofing, and from what I have read, it
sounds like you must determine the sequence number of the host before you
can spoof. However, I don't understand why you would have to determine the
sequence if you are creating a new session with the host under a false IP.
Wouldn't the creation of the new TCP session negotiate the sequence number
at that time?

I also failed to understand how the traffic gets back to you if you are
telling it to respond to another host. Can someone shine some light on this
for me?

When it comes to session high-jacking, how does one go about determining the
sequence number on a host that uses a random number seed to create the
sequence? Is it some form of complex algorithms or is it just impossible
unless you create the session? 

Todd Lehmann
Systems Analyst I
VPN Subject Matter Expert


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault