Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Somebody has tried to break in. What to do with him?
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Fri, 4 Jan 2002 14:20:25 -0700
  • Message-id: <000701c19565$a0669f00$6400030a@xxxxxxxxxxxx>
this is why shitty tcp-ip stacks (with guessable sequences/etc) are a
problem. Plus let's say I have two boxes, I spoof connection from A (make it
appear from B), if someone complains about B I go "I didn't do it, here, I
can proove it, my isp now monitors that stuff outgoing!". Or let's say you
have access to a bunch of computers on a hub network (sound familiar?) I can
just spoof one of the other IP's, or using dsniff hijack arp/ip's/etc.

TCP-IP doesn't even think about security.


Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/


----- Original Message -----
From: <alexeys@xxxxxxxxxxxxx>
To: <suse-security@xxxxxxx>
Sent: Friday, January 04, 2002 2:07 PM
Subject: Re: [suse-security] Somebody has tried to break in. What to do with
him?


> I did not know that it is possible to forge IP address in stream
connections -
> it is required for handshake.
>
> - Alexey.
>
> { http://trelony.cjb.net/ } Alexey N. Solofnenko
> { http://www.inventigo.com/ } Inventigo LLC
> Pleasant Hill, CA (GMT-8 usually)
>
>
> -------------------------------------------------
> This mail sent through IMP: https://mail.inventigo.com/horde/imp/
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
Follow Ups