Home page logo

basics logo Security Basics mailing list archives

RE: IP Session Hijacking And Spoofing
Date: Mon, 25 Nov 2002 12:55:54 -0800

I was not aware you could manually define the routing that packets would
follow (without configuring the routers). Or do you mean I would just choose
to spoof an IP that is downstream from me, so that I am sure the traffic
will pass me by on its way to the host? Wouldn't dynamic RIP make the route
the traffic will take dynamic? How can I possibly be sure that I will be
midstream during the session?

Todd Lehmann
Systems Analyst I
VPN Subject Matter Expert

-----Original Message-----
From: simsjs [mailto:sims () interex org] 
Sent: Friday, November 22, 2002 9:23 AM
To: LEHMANN, TODD; security-basics
Subject: Re: IP Session Hijacking And Spoofing

With IP Spoofing there is no need to guess the sequence number since there
is no session currently open with that IP address. The way that the traffic
would get back to you is by using source routing. This is where you tell the
network how to route the output and input from a session, then you simply
sniff it from the network as it passes by you. But you have to make sure you
put in a route that will both reach its destination and pass through your
own network. 

As far as guessing the sequence numbering for session high-jacking, I really
have no idea, but there are programs that will attempt to guess these for
you. The one I am thinking of (whose name escapes me at the time) will allow
you to watch a session, reset a session, or hijack it. 

Hope some of this helps.


*********** REPLY SEPARATOR  ***********

On 11/19/2002 at 11:33 AM LEHMANN, TODD wrote:

I have read some documentation on IP Spoofing, and from what I have read,
sounds like you must determine the sequence number of the host before you
can spoof. However, I don't understand why you would have to determine the
sequence if you are creating a new session with the host under a false IP.
Wouldn't the creation of the new TCP session negotiate the sequence number
at that time?

I also failed to understand how the traffic gets back to you if you are
telling it to respond to another host. Can someone shine some light on this
for me?

When it comes to session high-jacking, how does one go about determining
sequence number on a host that uses a random number seed to create the
sequence? Is it some form of complex algorithms or is it just impossible
unless you create the session? 

Todd Lehmann
Systems Analyst I
VPN Subject Matter Expert

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]