Il 16:35, mercoled� 17 settembre 2003, Gordon Messmer ha scritto: > Lucio wrote: > >>You can so > >>some nasty things by sending a machine packets with the source of > >>127.0.0.1, but establishing a TCP connection isn't one of them. > > > > I'm afraid you're wrong. I don't know if this is the case, but spoofing > > the source address to establish a TCP connection is a well known attack > > tecnique. Granted, it's not an easy one (excluding when used with some > > OSes), but it's possible (and nmap itself has options to check a > > particular system weakness in respect to source address spoofing, namely > > -O -v). > > Yes, nmap has an option which tells you how difficult it is to highjack > a connection. Yes you can initiate a connection with a spoofed address, > but that connection can not be made with 127.0.0.1. > > This is way way off topic, but I don't expect you to believe me, so I'll > explain why. When you initiate a TCP connection, you send a packet to > the destination with only the SYN flag set. The host that receives the > packet will determine whether the destination port is open, and in the > absense of additional constraints, send back a packet with the SYN and > ACK flags set. This packet will be send using the hosts routing table, > unless you are able to attack it using ICMP redirect packets (which is > what nmap is reporting). You will not, however, be able to redirect > traffic to interfaces local to the machine. When the destination host > sends its SYN/ACK packet, it will be received and processed locally, and > rejected because it does not relate to a connection initiated there. > >
I understand the whole explanation, which I already knew. However I still don't agree with the conclusion (I'm quite sure 99,9% likelyhood it's my fault, but you never know), but we should move this discussion to another ML. Any ideas of a ML suited for this? Maybe one of the MLs at securityfocus.com? Lucio. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
