Re: RE: Session & IP Spoofing

From: Frank Knobbe (frank@knobbe.us)
Date: Thu Dec 04 2003 - 19:41:09 EST


On Thu, 2003-12-04 at 09:46, Nexus wrote:
> But you would also need to spoof the TCP 3-way handshake before you can even
> send the HTTP GET request, which is um..... non-trivial ;-)

I thought that IIS servers don't need the 3-way handshake. Isn't IE
cheating by trying to send regular ACKed data packets in order to speed
up the connection with the IIS webserver? (and falls back to TCP 3-way
when it doesn't get a response, as is pretty much the case with all
standards-abiding web servers).

So IIS servers may be more vulnerable against those spoofing attacks
then, say, Apache servers.

(and if that is the case -- testing required here -- then it's just
another one of those situations where Microsoft ignores a standard,
tries to cheat in favor of performance, and gets bitten with a
vulnerability in the end...)

Regards,
Frank





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT