[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Dec 2003 17:09:35 -0500
From: Jeff Kell <jeff-kell@....edu>
To: bugtraq@...urityfocus.com, full-disclosure@...sys.com
Subject: Re: A new TCP/IP blind data injection technique?
Stephen Frost wrote:
>> As such, there seems to be a reason for some concern, even with
>> random IP IDs, since it only takes one RFC-ignorant party for the
>> attack against a session to succeed.
>
>
> Is it possible the RSTs you're seeing are from firewalls which send an
> RST due to rules in the firewall? It could be that those 12 hosts
> wouldn't actually accept a connection where the SYN packet has a zero
> TCP checksum.
Many switches will not forward incorrect checksums. NAT devices
recalculate checksums. Your mileage may vary.
Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists