Something I've been thinking about for a while now....

If you can record arbitrary packets, can you replay them? For instance, go to promiscuous mode, record packets issued by a server in a conversation with a workstation, then replay them as your own at a later date. Or log a conversation locally from a trusted IP, then replay that conversation from a spoofed address?

Or even just send the following (where 10.0.0.1 is a trusted IP you're spoofing with)?

---> 10.0.0.1 SYN
---> 10.0.0.1 ACK
# in theory the victim will send a SYN/ACK to the REAL 10.0.0.1, but
# you could send an ACK anyway and spoof a full connection... as long as
# you got the lag right...
#then
---> 10.0.0.1 arbitrary data

Thoughts?

Marcus Pinto
Consultant

Echelon Consulting Limited
Victoria House, 18-22 Albert Street, Fleet, GU13 9RL, England
Tel: +44 (0)1252 627799
Fax: +44 (0)1252 626904
URL: http://www.echelonltd.com
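Added example, not part of the original message: a simplified model of the check a TCP listener applies to the third handshake segment (RFC 793 semantics), showing what happens to a replayed or blind ACK when the server picks a fresh initial sequence number per connection. The names Listener and replay_demo, the port and the sequence values are constructed for illustration.

```python
import secrets

MOD = 2**32  # TCP sequence numbers wrap at 32 bits


class Listener:
    """Toy model of the server-side check on the third handshake segment."""

    def __init__(self, isn_source=lambda: secrets.randbits(32)):
        self.isn_source = isn_source
        self.half_open = {}   # (src_ip, src_port) -> (client_isn, server_isn)
        self.rejected = []    # mismatched ACKs, a useful detection signal

    def on_syn(self, src, client_isn):
        server_isn = self.isn_source()
        self.half_open[src] = (client_isn, server_isn)
        # The SYN/ACK carrying server_isn is routed to the real owner of src.
        return server_isn

    def on_ack(self, src, seq, ack):
        state = self.half_open.get(src)
        if state is not None:
            client_isn, server_isn = state
            # Both numbers must match what this connection attempt negotiated.
            if seq == (client_isn + 1) % MOD and ack == (server_isn + 1) % MOD:
                del self.half_open[src]
                return "ESTABLISHED"
        self.rejected.append((src, seq, ack))
        return "RST"


def replay_demo(listener, src=("10.0.0.1", 40000), client_isn=1000):
    """Complete one handshake, then resend its recorded segments verbatim."""
    isn1 = listener.on_syn(src, client_isn)
    recorded_ack = (client_isn + 1, (isn1 + 1) % MOD)  # captured third segment
    first = listener.on_ack(src, *recorded_ack)        # original conversation
    listener.on_syn(src, client_isn)                   # replayed SYN, new server ISN
    second = listener.on_ack(src, *recorded_ack)       # replayed ACK is now stale
    return first, second


if __name__ == "__main__":
    print(replay_demo(Listener()))
```

In the model, the recorded ACK only completes the handshake it was captured from; every rejected segment lands in `rejected`, which is the kind of event a monitor can count per source address.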
This archive was generated by hypermail 2b30 : Tue May 01 2001 - 07:40:57 PDT