Andrea Barisani wrote:

> Client (ftest.pl) ---> Firewall ---> Sniffer (ftestd.pl)

> 1 - The client (ftest.pl) sends a Syn packet with a custom payload
> (Question: is inserting data in a Syn packet legal?)

Data is allowed. If the receiving party supports T/TCP, it may save the data to be used after the 3-way handshake. If the receiving party does not support T/TCP, the data will simply be discarded without any notification to the sender.

> The problem is that between step 2 and step 3 the spoofed address will
> send a valid RST back to the sniffer, the firewall will see it and we
> can't proceed.

I didn't understand this point. If the spoofed source address for the connection is on the sniffer side of the connection, you shouldn't expect a reply back unless the firewall is in bridging mode.

cheers.

--
Burak DAYIOGLU
Phone: +90 312 2103379 Fax: +90 312 2103333
http://www.dayioglu.net
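A sniffer-side check for the case discussed in this message, added here as an example and not part of the original post or of ftest: it parses a raw IPv4 packet and reports whether a SYN carries data, accounting for TCP options and link-layer padding. The function names, addresses, ports and payload are constructed for illustration.

```python
import struct

SYN = 0x02

def syn_payload(packet: bytes):
    """Return the data carried by a TCP SYN in a raw IPv4 packet.

    b"" means a normal, empty SYN; None means not a parseable first-fragment SYN.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack_from("!HHH", packet, 2)
    if ihl < 20 or packet[9] != 6 or frag & 0x1FFF:
        return None  # bad header, not TCP, or a non-first fragment
    if total_len > len(packet) or total_len < ihl + 20:
        return None  # truncated capture or no room for a TCP header
    doff = (packet[ihl + 12] >> 4) * 4  # TCP header length, options included
    flags = packet[ihl + 13]
    if doff < 20 or ihl + doff > total_len or not flags & SYN:
        return None
    # Slice to total_len so link-layer padding is not mistaken for data.
    return packet[ihl + doff:total_len]

def build_packet(flags, payload=b"", options=b""):
    """Constructed sample input: IPv4+TCP with zeroed checksums, demo only."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (5 + len(options) // 4) << 4, flags, 1024, 0, 0)
    tcp += options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

MSS_OPTION = b"\x02\x04\x05\xb4"  # MSS 1460, as a typical SYN carries

if __name__ == "__main__":
    samples = {
        "SYN with data": build_packet(SYN, b"constructed-payload", MSS_OPTION),
        "plain SYN": build_packet(SYN, b"", MSS_OPTION),
        "ACK with data": build_packet(0x10, b"constructed-payload"),
    }
    for name, pkt in samples.items():
        print(name, "->", syn_payload(pkt))
```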
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 10:49:08 PDT