Home page logo

basics logo Security Basics mailing list archives

RE: IP Session Hijacking And Spoofing
From: Svetoslav Gyurov <sve () pzmail org>
Date: Tue, 26 Nov 2002 23:40:18 +0200 (EET)

Yes but some or most of the routers in Internet are denying source routing
in packet headers for security reasons, then what ? The best way leaves
"man in middle" ?!

And about sequence numbers, every distro is using different algorithms
about generating them, isn't they ?

On Fri, 22 Nov 2002, simsjs wrote:

With IP Spoofing there is no need to guess the sequence number since
there is no session currently open with that IP
address. The way that the traffic would get back to you is by using source
routing. This is where you tell the network how to
route the output and input from a session, then you simply sniff it from
the network as it passes by you. But you have to
make sure you put in a route that will both reach its destination and pass
through your own network.

As far as guessing the sequence numbering for session high-jacking, I
really have no idea, but there are programs that will
attempt to guess these for you. The one I am thinking of (whose name
escapes me at the time) will allow you to watch a
session, reset a session, or hijack it.

Hope some of this helps.


Best regards, sve

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]