Security Basics mailing list archives
Re: TCP vs UDP II
From: Rooster <rooster () attrition org>
Date: Thu, 14 Nov 2002 09:41:43 -0500 (EST)
i believe you are asking if it is possible to hijack a TCP session. is this correct? absolutely it is possible, it is just a matter of spoofing the mechanics for maintaining the session, the syn/ack numbers. <rant> let it be a lesson to you. using a non security feature to provide you with security is a very bad idea. the sesion integrity feature of tcp was never meant as a security measure, don't use it as such. </rant> On Wed, 13 Nov 2002, Pablo Gietz wrote:
Dear list: It's possible that a intruder could take active part of a TCP connection after this was established? In UPD I know this is true because is a connectionless protocol. But I have doubts about TCP. Thanks Pablo A. C. Gietz Jefe de Seguridad Inform?tica Nuevo Banco de Entre R?os S.A. Te.: 0343 - 4201351
Current thread:
- TCP vs UDP II Pablo Gietz (Nov 13)
- Re: TCP vs UDP II Rooster (Nov 14)
- Re: TCP vs UDP II Steve Bremer (Nov 14)
- Contractors on Company Networks - Network segregation William Kupersanin (Nov 17)
- RE: Contractors on Company Networks - Network segregation Bill Lavalette (Nov 18)
- Contractors on Company Networks - Network segregation William Kupersanin (Nov 17)
- Re: TCP vs UDP II Alevizos Dimos (Nov 15)
- Re: TCP vs UDP II Donnie Tognazzini (Nov 18)
- <Possible follow-ups>
- RE: TCP vs UDP II Schouten, Diederik (Diederik) (Nov 14)
- RE: TCP vs UDP II Garbrecht, Frederick (Nov 14)
- RE: TCP vs UDP II charles lindsay (Nov 15)