27 Oct
2005
27 Oct
'05
20:41
On Thu, Oct 27, 2005 at 04:23:27PM +0200, media Formel4 wrote:
Question is:
- Is it possible with spoofed IP numbers to establish connections to port 80? As far as I know you should get stuck after "SYN".
If Syn cookies are enabled it could be done by blind connection forgery. Sending lots of pakets containing random data instead of real cookie content could result in very few connections. Not an appropriate method to start some DoS attack.
I'm asking that, because tracing back the IPs in question I find very often unrouted areas and non-reachable (but maybe firewalled) IPs.
What if someone managed to compromise a router nearby? -- Stefan Tichy ( s.list at pi4tel dot de )