Date: Wed, 22 May 1996 16:59:39 -0400 (EDT)
From: "Charles C. Figueiredo" <marxx@apocalypse.superlink.net>
To: "Brett L. Hawn" <blh@nol.net>
Cc: current@freebsd.org
Subject: Re: freebsd + synfloods + ip spoofing (fwd)
Message-ID: <Pine.BSF.3.91.960522165409.3698J-100000@apocalypse.superlink.net>
In-Reply-To: <Pine.SOL.3.93.960522164358.17152B-100000@dazed.nol.net>
On Wed, 22 May 1996, Brett L. Hawn wrote:

> On Wed, 22 May 1996, Charles C. Figueiredo wrote:
>
> > FreeBSD has an excellent tcp sequence prediction system, read your
> > /usr/src/sys/netinet, then go read Solaris 2.5's tcp.c and compare.
> > Look at tcp_random18() for example (a macro). I'd also like to know
> > what you were attempting w/ TCP sequence prediction; if it was just how
> > hard it was to hose the system w/ SYN bits, that's irrelevant to our
> > number generator and the reliability of the implementation. That's
> > dependent on the fact that the system is 4.4BSD based, which there's
> > nothing wrong with. Now, if you're going to tell me that you tried to
> > exploit r* services using tcp sequence prediction through port 513, well,
> > wrappers take care of that. I'd like to see you sequence a full-duplex
> > connection based service and prove FreeBSD cannot handle it just as well as
> > any other Unix. I want to know what you're doing w/ your experiments.
> > You're merely giving me lists of stuff that's known by everyone.
>
> Now I see where you dug the port 513 out of: you're the one who mentioned
> it, not me.
>
> Ok, let's see here. Right off the top of my brain I could easily spoof you on
> IRC and cause you a great deal of pain (having been the victim of one such
> spoof I can tell you just how much pain it can cause). Next down the line
> would be 'secure' systems that rely on IP/FQDN for their interaction. I
> don't need a full duplex connection; all I need to do is get on and do what
> I mean to do. So I can't see what's coming back; if I have a well thought out
> plan it's my guess that I don't need to see what's coming back. The idea is
> not to create a full duplex connection, the idea is to 1: knock you out of
> service, 2: disrupt your service, 3: connect long enough one way to get
> something done that will allow me to sneak in via a new backdoor, 4: lord
> only knows what else those minds which are more creative than I have thought
> of.
>
> Brett

Spoofing irc is no big deal, really. No, you don't need to work in full-duplex, but if you manage to connect, you still have to login and gain root. If you want to knock out service, or disrupt, or create backdoors, do it elegantly w/ hijacking. I invite you to have a shot at apocalypse.superlink.net. Managing to sequence connection based services is only worth the trouble when a network is firewalled, and even then, a good firewall is smart enough to stop sequencing attacks of the sort.

Marxx