[Full-disclosure] TCP Hijacking (aka Man-in-the-Middle)
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Oct 25 18:40:53 BST 2007
On Thu, 25 Oct 2007 10:09:47 PDT, Oliver said:
> I have been searching all over the place to find an answer to this question,
> but Google has made me feel unlucky these last few days. I hope I could find
> more expertise here. The burning question I have been pondering over is -
> could TCP connections be hijacked both ways?
Quick summary:
Steve Bellovin pointed out the issue. 19<stone age>
Kevin Mitnick exploited it. 19<bronze age>
Steve wrote RFC1948, which basically said "Use randomized ISNs so the attacker
has to work harder at it". 1996.
A lot of vendors sort of implemented it. 1996-2000.
Michael Zalewski did a nice phase-space analysis and showed a lot of vendors
botched it. http://lcamtuf.coredump.cx/oldtcp/tcpseq.html 2000
A lot of vendors fixed their shit, but a lot didn't.
http://lcamtuf.coredump.cx/newtcp/ 2001.
You're now caught up to 6 years ago.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071025/00f51c84/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.