Hi Marcus,

There are a couple of problems with replaying the traffic you've captured between two hosts with a trust relationship.

<snip>
> Or even just send the following (where 10.0.0.1 is a trusted IP you're
> spoofing with)?
> ---> 10.0.0.1 SYN
> ---> 10.0.0.1 ACK
</snip>

To be able to do this, you need to know the initial sequence number that your victim will generate, otherwise your ACK packet will not follow on from the SYN/ACK that it's sent in response to your SYN.

> # in theory the victim will send a SYN/ACK to the REAL 10.0.0.1, but
> # you could send an ACK anyway and spoof a full connection... as long as
> # you got the lag right...

If there is a REAL 10.0.0.1 that's reachable by your victim on the application port you're connecting to, then the SYN/ACK that is sent to 10.0.0.1 will get a RST response, which will tear down the connection that you're trying to establish. You'd have to use a spoofed address that's not reachable on this TCP port, or DOS 10.0.0.1 to make this work.

> #then
> ---> 10.0.0.1 arbitrary data
> Thoughts?

Regards,
Paul
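The two failure modes Paul describes (the blind ACK must carry the victim's ISN + 1, and a reachable "real" 10.0.0.1 answers the stray SYN/ACK with a RST that drops the half-open connection) can be modelled with a small RFC 793 handshake state machine. The following is an added illustration, not code from either poster; the victim address 10.0.0.2, the spoofer's own ISN of 1000, the random seed, and the `looks_like_spoof` log check are all constructed for the demo, and the state machine only implements the LISTEN / SYN-RECEIVED / ESTABLISHED transitions needed to show the point.

```python
import random
from dataclasses import dataclass, field

SPOOFED = "10.0.0.1"   # the trusted address from the thread
VICTIM = "10.0.0.2"    # constructed: the host that trusts 10.0.0.1
SPOOFER_ISN = 1000     # constructed: the spoofer's own initial sequence number


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset
    seq: int = 0
    ack: int = 0


@dataclass
class Victim:
    """Minimal RFC 793 passive-open state machine, one state per peer address."""
    addr: str
    isn: int
    state: dict = field(default_factory=dict)
    log: list = field(default_factory=list)   # every segment seen, for the defender

    def receive(self, seg):
        """Process one segment and return the reply segment, if any."""
        self.log.append(seg)
        st = self.state.get(seg.src, "LISTEN")
        if st == "LISTEN":
            if seg.flags == {"SYN"}:
                self.state[seg.src] = "SYN-RECEIVED"
                # the SYN/ACK goes to the *claimed* source, not to the spoofer
                return Segment(self.addr, seg.src, frozenset({"SYN", "ACK"}),
                               seq=self.isn, ack=seg.seq + 1)
            return None  # LISTEN does not open a connection on anything but a SYN
        if st == "SYN-RECEIVED":
            if "RST" in seg.flags:
                # peer says it never sent a SYN: the half-open connection is torn down
                self.state[seg.src] = "LISTEN"
            elif seg.flags == {"ACK"} and seg.ack == self.isn + 1:
                self.state[seg.src] = "ESTABLISHED"
            # an ACK with any other number is unacceptable and completes nothing
        return None


def real_host_reply(seg, addr=SPOOFED):
    """The genuine 10.0.0.1 has no SYN outstanding, so an unsolicited
    SYN/ACK is answered with a RST (RFC 793 handling for a CLOSED socket)."""
    if seg is not None and seg.dst == addr and seg.flags == {"SYN", "ACK"}:
        return Segment(addr, seg.src, frozenset({"RST"}), seq=seg.ack)
    return None


def blind_spoof(guessed_ack, real_host_reachable, seed=7):
    """Play the SYN -> ACK sequence from the thread against a fresh victim.

    guessed_ack is whatever the spoofer puts in its ACK; it never sees the
    SYN/ACK, so it cannot read the victim's ISN off the wire.
    Returns the Victim so the caller can inspect its state and log.
    """
    victim = Victim(VICTIM, isn=random.Random(seed).randrange(2 ** 32))
    synack = victim.receive(Segment(SPOOFED, VICTIM, frozenset({"SYN"}), seq=SPOOFER_ISN))
    if real_host_reachable:
        rst = real_host_reply(synack)
        if rst is not None:
            victim.receive(rst)
    victim.receive(Segment(SPOOFED, VICTIM, frozenset({"ACK"}),
                           seq=SPOOFER_ISN + 1, ack=guessed_ack))
    return victim


def handshake_state(victim, peer=SPOOFED):
    return victim.state.get(peer, "LISTEN")


def looks_like_spoof(victim):
    """Defender-side check on the victim's segment log: a SYN from a host
    followed by a RST from that same host while the handshake is still open
    is exactly the footprint the thread describes."""
    syn_seen = set()
    for seg in victim.log:
        if seg.flags == {"SYN"}:
            syn_seen.add(seg.src)
        elif "RST" in seg.flags and seg.src in syn_seen:
            return True
    return False


if __name__ == "__main__":
    v = blind_spoof(guessed_ack=0, real_host_reachable=False)
    print("wrong ack, real host silent :", handshake_state(v))
    v = blind_spoof(guessed_ack=v.isn + 1, real_host_reachable=False)
    print("ISN known, real host silent :", handshake_state(v))
    v = blind_spoof(guessed_ack=v.isn + 1, real_host_reachable=True)
    print("ISN known, real host answers:", handshake_state(v), "| spoof signature:", looks_like_spoof(v))
```

The three runs show the two independent defences: with an unpredictable ISN the blind ACK never matches and the connection sits in SYN-RECEIVED; even with the ISN known, a reachable 10.0.0.1 resets the half-open connection before the spoofed ACK arrives, and that SYN-then-RST pair from a single trusted address is what a host-side or network-side monitor can alert on.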
This archive was generated by hypermail 2b30 : Tue May 01 2001 - 11:08:07 PDT