On Fri, 26 Oct 2007 12:41:37 +0400, 3APA3A said: > So, generally, 1. there is no reason to spoof both connections. 2. it's Thank you, Captain Obvious - I specifically *said* that only one of them needs to be blind spoofing. > only possible if sequence number is 100% (or close to 100%) predictable. And Michael Zalewski's work showed that even on many boxes that *claim* to have RFC1948 randomization, you can do pretty well on the predicting.
Attachment:
pgpotN4ZUqrTU.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/