How do you get the server to use source routing in its replies? Source
routing tells the routers between you and the destination the next hops
for the packet. As far as I am aware, there is no requirement that the
destination employ the reverse path in its replies.
From: simsjs [sims () interex org]
Sent: Friday, November 22, 2002 12:23 PM
To: LEHMANN, TODD; security-basics
Subject: Re: IP Session Hijacking And Spoofing
With IP Spoofing there is no need to guess the sequence number since
there is no session currently open with that IP address. The way that the
traffic would get back to you is by using source routing. This is where
you tell the network how to route the output and input from a session,
then you simply sniff it from the network as it passes by you. But you
have to make sure you put in a route that will both reach its destination
and pass through your own network.
As far as guessing the sequence numbering for session hijacking, I
really have no idea, but there are programs that will attempt to guess
these for you. The one I am thinking of (whose name escapes me at the
time) will allow you to watch a session, reset a session, or hijack it.
Hope some of this helps.
*********** REPLY SEPARATOR ***********
On 11/19/2002 at 11:33 AM LEHMANN, TODD wrote:
I have read some documentation on IP Spoofing, and from what I have
sounds like you must determine the sequence number of the host before
can spoof. However, I don't understand why you would have to determine
sequence if you are creating a new session with the host under a false
Wouldn't the creation of the new TCP session negotiate the sequence
at that time?
I also failed to understand how the traffic gets back to you if you are
telling it to respond to another host. Can someone shine some light on
When it comes to session hijacking, how does one go about
sequence number on a host that uses a random number seed to create the
sequence? Is it some form of complex algorithms or is it just
unless you create the session?
Systems Analyst I
VPN Subject Matter Expert