Home page logo
/

basics logo Security Basics mailing list archives

Re: IP Session Hijacking And Spoofing
From: Svetoslav Gyurov <sve () pzmail org>
Date: Tue, 26 Nov 2002 00:11:09 +0200 (EET)



Yes but some or most of the routers in Internet are denying source routing
in packet headers for security reasons, then what ? The best way leaves
"man in middle" ?!

And about sequence numbers, every distro is using different algorithms
about generating them, isn't they ?


On Fri, 22 Nov 2002, simsjs wrote:

With IP Spoofing there is no need to guess the sequence number since there is no session currently open with that IP 
address. The way that the traffic would get back to you is by using source routing. This is where you tell the 
network how to route the output and input from a session, then you simply sniff it from the network as it passes by 
you. But you have to make sure you put in a route that will both reach its destination and pass through your own 
network.

As far as guessing the sequence numbering for session high-jacking, I really have no idea, but there are programs 
that will attempt to guess these for you. The one I am thinking of (whose name escapes me at the time) will allow you 
to watch a session, reset a session, or hijack it.

Hope some of this helps.

Jeff



Best regards, sve


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]