Re: hijacking TCP connections on FreeBSD

From: Ron DuFresne (dufresneat_private)
Date: Wed Jul 10 2002 - 13:19:22 PDT

Next message: Jason Coombs: "RE: [7.8.2002 44916] Notice of Copyright Infringement]"

Previous message: Kenneth Duran: "Re: Norton antivirus fails to scan files"
In reply to: jmiller: "Re: hijacking TCP connections on FreeBSD"
Next in thread: tide: "Re: hijacking TCP connections on FreeBSD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 9 Jul 2002, jmiller wrote:

> a man in the middle is not neccessary, you sniff the packets, spoof your ip
> and or mac, then dos the other box you are spoofing. there is a *nix tool
> that will do an arp flood, turning all switches into a hub, so you do not
> need to be on the same subnet either. search for it on freshmeat.net
> Jmiller

This is of course, assuming you are in a position to sniff the traffic at
some point.  Otherwise man-in-the-middle is the way to go about the task.

Thanks,

Ron DuFresne


>
>
> ----- Original Message -----
> From: "Ryan Permeh" <ryanat_private>
> To: <elanat_private>; <vuln-devat_private>
> Sent: Tuesday, July 09, 2002 10:53 AM
> Subject: RE: hijacking TCP connections on FreeBSD
>
>
> > by using a man in the middle attack, you can do this.  You simply need to
> be
> > on the route between the host and the computer.  I believe dsniff does
> this.
> > Also, you may be able to do it non blindly, on the same network segment as
> > the freebsd machine by sniffing and injecting packets, but there is more
> > possibility of interference at that point.
> >
> > A protection against this is to encrypt your traffic so that neither mitm
> > attacks nor injection attacks can adequately interrupt the packet stream.
> >
> >
> > Signed,
> > Ryan Permeh
> > eEye Digital Security Team
> > http://www.eEye.com/Retina -Network Security Scanner
> > http://www.eEye.com/Iris -Network Traffic Analyzer
> > http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities
> >
> > -----Original Message-----
> > From: Elan Hasson [mailto:elanat_private]
> > Sent: Monday, July 08, 2002 9:49 PM
> > To: vuln-devat_private
> > Subject: hijacking TCP connections on FreeBSD
> >
> >
> > (I'm not sure if this is the correct list for this post)
> >
> > Is it possible to hijack established tcp connections on FreeBSD? if so,
> how?
> > any programs in existence that do this already?
> >
> >
> > --Elan Hasson
> > http://www.compiled.org -- The programmer's resource.
> >
> >
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Next message: Jason Coombs: "RE: [7.8.2002 44916] Notice of Copyright Infringement]"
Previous message: Kenneth Duran: "Re: Norton antivirus fails to scan files"
In reply to: jmiller: "Re: hijacking TCP connections on FreeBSD"
Next in thread: tide: "Re: hijacking TCP connections on FreeBSD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 10 2002 - 14:13:40 PDT