it also has the whiff of potential naughtiness
Oh, great. Republicans have made it in here, too.
Pardonnez? I vote a straight-Pogo ticket. ;-)
I also happen to do network security, which involves paranoia and concepts like, "trust, but verify."
I've requested verification, and will be happy to support the node if I see some.
In the absence of verification, I will consider withholding my trust.
Okay, firstly, sorry for my poor English.
(1). TCP three-way handshake:
A( SYN, ISN_A ) -> B
A <- B( SYN/ACK, ISN_B/ACK_A=ISN_A+1 )
A( SYN/ACK, ACK_A/ACK_B=ISN_B+1 ) -> B
The socket API 'connect()' just does the three-way handshake. 'sleep(1)' is to make sure that the sniffer child is running. The sniffer child only captures the related packets; its object is to get the ISN_B of this connection. After the handshake is over, pack a packet to B and inject it into the connection. And if you don't want the connection closed, you must pack a correct packet to A too.
(2). Blind handshakes
If the ISN of B is predictable: you can capture the ISNs of each connection and analyse the numbers. For example, the ISN of B does not change at any time.
A - me
B - you, ISN will not change.
C - him
I: A(src_ip:C, SYN, ISN_C=any) -> B
II: C <- B(dest_ip:C, SYN/ACK, ISN_B/ACK_C=ISN_C+1 )
if C is active:
III: C(dest_ip:B, RST) -> B
if C is not active:
IV: A(src_ip:C, SYN/ACK, ACK_C/ACK_B=ISN_B+1 ) -> B
If I can 'see' packet II (for example, C and A are in the same network), I can get ISN_B correctly. And if C is not alive, I can generate packet IV to complete the three-way handshake from C->B. And if I cannot 'see' packet II (C is not in my network and not on my hub/switch device), I could guess ISN_B from the earlier analysis. This is called IP spoofing.
... It's an old TCP game.
--------------------------
I 4m jU$t A $cRipt /<iddi3
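The analysis step the post above describes (capture the ISNs of successive connections and examine the numbers) is also the check a defender runs against their own hosts: a stack whose ISN is constant, or grows by a fixed step, is the precondition for the blind handshake. The following is an added example, not code from the thread or from any poster; the ISN sample sequences are constructed in the script rather than captured from real hosts, and the variance threshold is an assumption chosen for illustration.

```python
"""Classify how predictable a host's TCP initial sequence numbers (ISNs) are.

Added example for this thread, not the poster's code. The ISN samples are
constructed, not captured, and LOW_VARIANCE_LIMIT is an assumed threshold.
"""
import math
import random
import statistics
from collections import Counter

MODULUS = 1 << 32              # TCP sequence numbers are 32-bit and wrap around
LOW_VARIANCE_LIMIT = 1 << 20   # assumed: below this spread, the next ISN is cheap to guess


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2^32 so wraparound is harmless."""
    return [(later - earlier) % MODULUS for earlier, later in zip(isns, isns[1:])]


def delta_entropy_bits(deltas):
    """Shannon entropy (in bits) of the observed delta values; 0 means every delta is equal."""
    total = len(deltas)
    return -sum(
        (count / total) * math.log2(count / total)
        for count in Counter(deltas).values()
    )


def classify_isn_sequence(isns):
    """Return 'constant', 'fixed increment', 'low variance' or 'unpredictable'."""
    if len(isns) < 3:
        raise ValueError("need at least three ISN samples")
    deltas = isn_deltas(isns)
    distinct = set(deltas)
    if distinct == {0}:
        return "constant"          # the case the post describes: ISN never changes
    if len(distinct) == 1:
        return "fixed increment"   # same step every connection, e.g. +64000
    if statistics.pstdev(deltas) < LOW_VARIANCE_LIMIT:
        return "low variance"      # small jitter around a step; still guessable
    return "unpredictable"


def isn_report(isns):
    """Summary a defender can log per host: classification plus the supporting numbers."""
    deltas = isn_deltas(isns)
    return {
        "samples": len(isns),
        "classification": classify_isn_sequence(isns),
        "delta_entropy_bits": round(delta_entropy_bits(deltas), 2),
        "delta_stdev": round(statistics.pstdev(deltas)),
    }


# --- constructed sample sequences (no real hosts were measured) ---
CONSTANT_ISNS = [0x1A2B3C4D] * 16                                   # ISN never changes
FIXED_STEP_ISNS = [(0x1000 + 64000 * i) % MODULUS for i in range(16)]  # fixed step per connection


def _jittered(n, seed=7):
    """Fixed step plus a little noise: looks random at a glance but is not."""
    rng = random.Random(seed)
    isns = [0x1000]
    for _ in range(n - 1):
        isns.append((isns[-1] + 64000 + rng.randint(-100, 100)) % MODULUS)
    return isns


JITTERED_ISNS = _jittered(16)
_rng = random.Random(42)
RANDOM_ISNS = [_rng.getrandbits(32) for _ in range(16)]  # stand-in for a proper ISN generator


if __name__ == "__main__":
    for name, isns in [("constant", CONSTANT_ISNS), ("fixed step", FIXED_STEP_ISNS),
                       ("jittered", JITTERED_ISNS), ("random", RANDOM_ISNS)]:
        print(f"{name:>10}: {isn_report(isns)}")
```

In practice the samples come from repeated connections to the host under test (the SYN/ACK's sequence field of each), and anything other than "unpredictable" is a finding to fix in the stack's ISN generation, not something to paper over in the application.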
This is called ip spoof.
It's childish to say: "I told you so". Just pretend I said it, anyway.