Thursday, February 09, 2006

Back to the protocols

We do so much programming for web applications and still rarely get a chance to understand how the basic protocols work. So when I was recently asked to provide some material on IP spoofing, I waded through the specification for the first time in a long while.

Because the handshake between client and server passes both the source address and a sequence number chosen by the server, a successful attack has to send the initiating message from the spoofed address and, since the server's reply never reaches us, guess the sequence number the server generated and send it, correctly incremented, in our ACK. We also need to disable the host whose address we are spoofing, through flooding or some other means, so that it cannot respond to the server's reply. Here is an excellent article with source code for this attack.
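To make the point concrete, here is a small added simulation (my own, not code from the article linked above) of the blind handshake: a toy server hands out ISNs and accepts only an ACK carrying ISN+1, and an attacker who never sees the SYN-ACK guesses from one ISN it observed on its own connection. The fixed per-connection step of 64000 is a constructed simplification of the old BSD behaviour; the comparison shows why stacks moved to unpredictable, per-connection randomized ISNs.

```python
import secrets

MASK32 = 0xFFFFFFFF
STEP = 64000  # constructed value: fixed ISN increment per connection


class Server:
    """Toy TCP listener: only the handshake check that matters here,
    i.e. the ACK must carry the ISN we sent in the SYN-ACK, plus one."""

    def __init__(self, isn_generator):
        self.next_isn = isn_generator
        self.pending = {}  # client address -> ISN sent in SYN-ACK

    def syn(self, client):
        isn = self.next_isn()
        self.pending[client] = isn
        return isn  # the SYN-ACK goes to `client`; a spoofer never sees it

    def ack(self, client, ack_number):
        isn = self.pending.pop(client, None)
        return isn is not None and ack_number == (isn + 1) & MASK32


def stepped_isn():
    """Predictable generator: each connection gets previous ISN + STEP."""
    state = {"isn": 0x1000}

    def gen():
        state["isn"] = (state["isn"] + STEP) & MASK32
        return state["isn"]
    return gen


def random_isn():
    """Mitigated generator: a fresh 32-bit random ISN per connection."""
    return lambda: secrets.randbits(32)


def blind_guess_rate(isn_generator, trials=200):
    """Attacker model: open one legitimate connection to learn an ISN,
    then SYN as the spoofed host and ACK with the predicted next ISN + 1."""
    srv = Server(isn_generator)
    hits = 0
    for _ in range(trials):
        observed = srv.syn("attacker-own-address")   # this reply is visible
        srv.ack("attacker-own-address", observed + 1)
        srv.syn("spoofed-host")                       # this reply is not
        guess = (observed + STEP + 1) & MASK32
        if srv.ack("spoofed-host", guess):
            hits += 1
    return hits / trials
```

Against the stepped generator every blind guess lands; against random ISNs the success rate is about 2^-32 per attempt, which is the property a defender should verify a stack actually has.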

When you are on the same local network as the host whose identity you are trying to assume, the attack is much easier, because the IP packets, including the server's reply with its sequence number, are visible to you.

Here is the much-referenced paper on TCP/IP security problems by Bellovin, which also covers attacks through routing protocols, ICMP and other application-level protocols.
