On Fri, 26 Oct 2007 00:43:10 +0400, 3APA3A said: > Valdis, you should back to Cretaceous period, because Oliver talks > about man-in-the-middle attack, not about blind TCP spoofing. > Randomized ISN doesn't protect against MitM. Doing a MitM is basically just spoofing two connections at the same time. If you know how to do one, you know how to do two. And if you know how to do one of them *blind*, it vastly increases your options (as you only need to be able to see the traffic in one direction rather than both). Also, knowing your history gives you a leg up - I'm quite sure that very few of the skript kiddies who now think a SYN-flood is just a useful DDoS attack realize that the *original* use was to spam a machine into a state where it couldn't send an RST packet to your victim box when it saw the replies to the forged packets you were blind-spoofing. Now - what *other* ways can you leverage the idea that you can make an RST packet "Not Happen"? Remember - if you're the attacker, you *want* to be exploiting odd corner cases of the protocol, and it's perfectly fair to abuse a trick that nobody bothers defending against anymore because they've forgotten it.... Of course, these days it's probably easier to play some DNS spoofing games so that the victim connects to your server and you then proxy to wherever it was really intended to go. Or just create a phish.
Attachment:
pgpyVsO1P1zhe.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/