> The attacker simply uses the same IP address as a valid client ???

No, not at all. 

The spoofer will never receive a reply from the target to complete the
three-way handshake, and since getting this right involves knowing the
target's next TCP sequence number, not ever getting that reply means it's
very hard to pull off given TCP sequence randomization.

And if the faked client is actually online, it will receive the responses
from the target, have no idea why it's getting them, and send an RST (Reset)
to the target to tear down the session.

There are very, very narrow circumstances where TCP spoofing can work, so
most of us security types don't seriously consider it a threat.

Steve

-----Original Message-----
From: Wols Lists [mailto:antli...@youngman.org.uk] 
Sent: Saturday, November 14, 2015 3:22 PM
To: firebird-devel@lists.sourceforge.net
Subject: Re: [Firebird-devel] Security problem with encrypted databases

On 14/11/15 22:16, Jim Starkey wrote:
> While it's possible to fake the originator IP address with UDP, I 
> don't think it's possible with TCP.

The attacker simply uses the same IP address as a valid client ???

If the valid client is offline, that's a simple attack. However, chances are
valid addresses are in the same subnet as the server. If they're not,
there's probably no difference between TCP and UDP, because the reply still
needs to get back to the attacker, and routing will fail/succeed based on
the address, not the protocol.

If the valid client is online, then I think behaviour is "undefined", but
the attack is likely to either fail, or be noticed. However, even if it's
noticed, it might well not (indeed probably won't) be recognised.

Cheers,
Wol

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
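
The handshake argument in the reply above, as a toy simulation added here (not code from the thread or from Firebird). The `Server` class, the function names, the address and the injectable `isn_source` are assumptions made for illustration; no real packets are sent.

```python
import secrets

MOD = 2**32

class Server:
    """Toy TCP listener (constructed model, no real networking)."""
    def __init__(self, isn_source=lambda: secrets.randbits(32)):
        self.isn_source = isn_source   # randomized ISN by default
        self.half_open = {}            # (ip, port) -> server ISN
        self.established = set()

    def on_syn(self, src, client_isn):
        isn = self.isn_source()
        self.half_open[src] = isn
        # The SYN-ACK is routed to the claimed source address, whoever sent the SYN.
        return {"to": src, "seq": isn, "ack": (client_isn + 1) % MOD}

    def on_ack(self, src, ack):
        isn = self.half_open.get(src)
        if isn is not None and ack == (isn + 1) % MOD:
            del self.half_open[src]
            self.established.add(src)

    def on_rst(self, src):
        self.half_open.pop(src, None)
        self.established.discard(src)

def legitimate_connect(server, client):
    syn_ack = server.on_syn(client, client_isn=1000)
    server.on_ack(client, (syn_ack["seq"] + 1) % MOD)   # client saw the SYN-ACK
    return client in server.established

def spoofed_connect(server, claimed, owner_online, guessed_ack):
    server.on_syn(claimed, client_isn=1000)   # reply goes to `claimed`, not the sender
    if owner_online:
        server.on_rst(claimed)                # real host never sent a SYN, so it resets
    server.on_ack(claimed, guessed_ack)       # sender never saw the server ISN
    return claimed in server.established

CLIENT = ("192.0.2.10", 40000)   # constructed documentation address

if __name__ == "__main__":
    print("legitimate:", legitimate_connect(Server(), CLIENT))
    print("spoofed, owner online:", spoofed_connect(Server(), CLIENT, True, 12345))
    print("spoofed, owner offline:", spoofed_connect(Server(), CLIENT, False, 12345))
```

With the default random ISN the final ACK has to match one value out of 2^32; passing a fixed `isn_source` models a predictable ISN, which is the narrow case where the final ACK can be matched without ever seeing the SYN-ACK.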

