* Kurt Seifried wrote on Fri, Jan 04, 2002 at 15:35 -0700:
This cannot be easily used, i.e. not by script kiddies, since you need to sniff the answer packets (at least in scans; in exploits not necessarily if you guess the seqs). Those answer packets get routed to the faked IP and so you'd need control over a router in between...
no. you simply need a single box anywhere near the path that either directly sees the packets,
Well, I don't think that Script "The Kid" Average has access to such a box.
or can arp poison/etc to see them.
If that's possible. It's not possible behind ISDN or DSL lines, since they don't use ARP, and I hope that most routers won't be so silly as to accept ARP "reply" packets on the "wrong" interface; by that, you shouldn't be able to modify its routing decision. I would assume that most TCP scans with connect don't do any address spoofing; and I think that's not even necessary, since most ISPs won't care about such issues...
Or an end host that will accept them (like someone's hacked home machine on adsl).
:) But in that case there is no address spoof taking place at all.
Well, then you have either to guess the seq no, which in the case of Linux is not trivial, or to sniff the answer packets. Usually you have to do something to prevent B from sending RST. So it's not that easy...
I control B. end of story there =).
Yep, you control, not spoof :-)
You need to go take a look at dsniff, very user friendly.
IIRC I tried it, or some other tool, but it worked in the local subnet only. But I'm not sure here.
Well, it's a networking protocol :)
And that is the wrong attitude (why we are in this mess right now =).
Again I don't think so. You can use more secure protocols on IP like IPSec or use more secure protocols on top of TCP like SSL/TLS. Finally, applications may secure the traffic, which is the only way to have some kind of endpoint-to-endpoint security. I think after all security in general is not that bad; with some effort you can have servers online without being hacked :) And finally, we make our money with it :-).

oki,
Steffen

--
This message was generated by machine; it therefore bears neither signature nor seal.