[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: A new TCP/IP blind data injection technique?

To: bugtraq@securityfocus.com, full-disclosure@netsys.com
Subject: [Full-Disclosure] Re: A new TCP/IP blind data injection technique?
From: Jeff Kell <jeff-kell@utc.edu>
Date: Fri, 12 Dec 2003 17:09:35 -0500

Stephen Frost wrote:

     As such, there seems to be a reason for some concern, even with
     random IP IDs, since it only takes one RFC-ignorant party for the
     attack against a session to succeed.
Is it possible the RSTs you're seeing are from firewalls which send an RST due to rules in the firewall? It could be that those 12 hosts wouldn't actually accept a connection where the SYN packet has a zero TCP checksum.

Many switches will not forward incorrect checksums. NAT devices recalculate checksums. Your mileage may vary.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] A new TCP/IP blind data injection technique?
  - From: Michal Zalewski <lcamtuf@ghettot.org>
- Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
  - From: Shachar Shemesh <fulldisc@sun.consumer.org.il>
- Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
  - From: Michal Zalewski <lcamtuf@ghettot.org>
- [Full-Disclosure] Re: A new TCP/IP blind data injection technique?
  - From: Michal Zalewski <lcamtuf@ghettot.org>
- [Full-Disclosure] Re: A new TCP/IP blind data injection technique?
  - From: Stephen Frost <sfrost@snowman.net>

Prev by Date: [Full-Disclosure] IE 0x01 Byte URL Spoofing Vulnerability[Scriptless PoC Exploit & Additional Details]
Next by Date: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Previous by thread: [Full-Disclosure] Re: A new TCP/IP blind data injection technique?
Next by thread: Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
Index(es):
- Date
- Thread