On Tue, 19 Aug 2003 18:32:11 EDT, Mark Medici <markat_private> said:

> If, in fact, the firewall is configured as indicated, and that only
> authorized IP addresses from the software vendor's IP space are permitted
> to access pcAnywhere, then it is NOT a trivial hack to gain access to
> pcAnywhere in order to exploit the weak passwords. In order to
> circumvent the firewall, the intruder would have to first compromise a
> router or host at either the vendor or customer's end, or somewhere in
> between, or the firewall itself. Or the intruder would need to gain
> physical access to one of these end locations.

Actually, no.

RFC1948: Defending Against Sequence Number Attacks. S. Bellovin. May 1996. (Format: TXT=13074 bytes) (Status: INFORMATIONAL)

Turns out it was this very attack that Kevin Mitnick used on Shimomura's machines...

And it turns out that a lot of vendors still get it wrong, or suboptimal:

http://razor.bindview.com/publish/papers/tcpseq.html
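
The defence in the RFC 1948 cited above, as an added example (not part of the original post and not any vendor's stack): the ISN becomes M + F(localhost, localport, remotehost, remoteport), so the value one peer is handed says nothing about the value handed to another. The addresses, secret and helper names are constructed for illustration, and SHA-256 is this example's choice for F.

```python
import hashlib
import ipaddress
import struct

MASK32 = 0xFFFFFFFF

def timer_m(now_us: int) -> int:
    """M from RFC 1948: a 32-bit counter that ticks once every 4 microseconds."""
    return (now_us // 4) & MASK32

def isn_global_counter(boot_offset: int, now_us: int) -> int:
    """Pre-RFC 1948 style: one clock-driven ISN space shared by every peer."""
    return (boot_offset + timer_m(now_us)) & MASK32

def isn_rfc1948(secret: bytes, laddr: str, lport: int,
                raddr: str, rport: int, now_us: int) -> int:
    """ISN = M + F(localhost, localport, remotehost, remoteport).
    F is a keyed hash of the connection ID; SHA-256 is this example's choice."""
    conn_id = (ipaddress.ip_address(laddr).packed + struct.pack("!H", lport) +
               ipaddress.ip_address(raddr).packed + struct.pack("!H", rport))
    f = int.from_bytes(hashlib.sha256(conn_id + secret).digest()[:4], "big")
    return (timer_m(now_us) + f) & MASK32

def cross_peer_offset(isn_seen_by_a: int, isn_seen_by_b: int) -> int:
    """Distance between the ISNs two different peers get at the same instant."""
    return (isn_seen_by_b - isn_seen_by_a) & MASK32

# Constructed sample values (documentation address ranges, made-up secret).
SERVER, PORT = "192.0.2.10", 5631          # 5631/tcp: pcAnywhere data port
TRUSTED = ("198.51.100.7", 40000)          # address the firewall rule allows
OTHER = ("203.0.113.99", 40000)            # a second, unrelated peer
SECRET = b"constructed-example-secret"
NOW_US = 1_000_000

def demo():
    """Return (legacy_offset, keyed_offset) for the two peers at one instant."""
    legacy = cross_peer_offset(isn_global_counter(12345, NOW_US),
                               isn_global_counter(12345, NOW_US))
    keyed = cross_peer_offset(isn_rfc1948(SECRET, SERVER, PORT, *OTHER, NOW_US),
                              isn_rfc1948(SECRET, SERVER, PORT, *TRUSTED, NOW_US))
    return legacy, keyed

if __name__ == "__main__":
    legacy, keyed = demo()
    print(f"global counter: cross-peer offset = {legacy}")   # always 0
    print(f"RFC 1948 style: cross-peer offset = {keyed:#010x} (depends on the secret)")
```

Within a single connection ID the keyed generator still advances with the 4-microsecond clock, so ordinary TCP sequence-number semantics are preserved; only the per-connection starting offset is hidden behind the secret.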
This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 16:39:22 PDT