In running some tests, I've found a system that is vulnerable to Nessus' teso_telnet.nasl attack. But when I told the admins about it, they said that because it was protected by a router and only certain addresses could connect to it, it was not as big a problem as I was claiming.

My manager suggested that I try to spoof the address of one of the machines that is allowed to connect to this system. So I've been trying to edit teso_telnet.nasl into an attack that uses forged packets with a particular source address.

My problem is that I'm not sure that this attack is possible with forged addresses. The 3-way handshake can't complete, can it? Basically, I'm fairly confused. Can I perform this attack with a spoofed address? Anyone want to offer up a clue?

Thanks.
Benny

This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 09:30:51 PST