Re: Spoofing...

From: John Lampe (j_lampeat_private)
Date: Wed Dec 19 2001 - 04:53:43 PST


> My problem is that I'm not sure that this attack is possible with
> forged addresses.  The 3-way handshake can't complete, can it?

As soon as your kernel sees the incoming SYN/ACK (after your spoofed SYN)
from the target machine it will send out a RST.

> Basically, I'm fairly confused.  Can I perform this attack with
> a spoofed address?  Anyone want to offer up a clue?

This is just my opinion, but after running a NESSUS scan it is now time to
break out your toolkit and attempt to get a remote shell.  Do your spoofing
via your OS (not during a NESSUS scan) and run the actual exploit code
against the machine.  The source code is up on bugtraq and (probably)
packetstorm.  Or, send me an email offline and I'll shoot you a copy.

> Thanks.
> Benny

John Lampe
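The handshake question above, worked through as an added simulation that is not part of the original thread: a minimal TCP state machine in which the target's SYN/ACK is routed to whoever owns the forged source address, and that host's kernel, having no socket in SYN_SENT, answers with a RST. Hosts, addresses and the simplified state names are constructed for the example; nothing is sent on the wire.

```python
# Added example (not from the original thread): TCP state-machine simulation
# showing why a forged-source SYN never completes the three-way handshake.
from dataclasses import dataclass, field

@dataclass
class Segment:
    src: str
    dst: str
    flags: str  # "SYN", "SYN/ACK", "ACK" or "RST"

@dataclass
class Host:
    addr: str
    conns: dict = field(default_factory=dict)  # peer address -> TCP state
    def receive(self, seg):
        """Apply the incoming segment and return the kernel's reply, if any."""
        state = self.conns.get(seg.src)
        if seg.flags == "SYN":
            self.conns[seg.src] = "SYN_RECEIVED"
            return Segment(self.addr, seg.src, "SYN/ACK")
        if seg.flags == "SYN/ACK":
            if state == "SYN_SENT":
                self.conns[seg.src] = "ESTABLISHED"
                return Segment(self.addr, seg.src, "ACK")
            # Nobody on this host opened a connection to seg.src: reset it.
            return Segment(self.addr, seg.src, "RST")
        if seg.flags == "ACK" and state == "SYN_RECEIVED":
            self.conns[seg.src] = "ESTABLISHED"
        if seg.flags == "RST" and state is not None:
            del self.conns[seg.src]  # half-open entry is torn down

def exchange(hosts, first):
    """Deliver segments until nobody has anything left to say; return the trace."""
    trace, pending = [], [first]
    while pending:
        seg = pending.pop(0)
        trace.append(f"{seg.src} -> {seg.dst}: {seg.flags}")
        reply = hosts[seg.dst].receive(seg)
        if reply:
            pending.append(reply)
    return trace

def handshake(spoofed):
    # Constructed addresses: attacker a, host v whose address gets forged, target t.
    a, v, t = Host("10.0.0.1"), Host("10.0.0.2"), Host("10.0.0.3")
    hosts = {h.addr: h for h in (a, v, t)}
    src = v.addr if spoofed else a.addr
    if not spoofed:
        a.conns[t.addr] = "SYN_SENT"  # a genuine connect() leaves a socket waiting
    # Tuple evaluates left to right, so the trace is complete before the state is read.
    return exchange(hosts, Segment(src, t.addr, "SYN")), t.conns.get(src)
```

`handshake(True)` ends with the target's half-open entry reset by the RST from 10.0.0.2, while `handshake(False)` reaches ESTABLISHED; the same SYN/ACK-then-RST pattern is what a target or its IDS sees when someone forges a live address.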

This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 09:54:08 PST