Dear Valdis.Kletnieks@vt.edu,
During blind TCP spoofing you can send data, but you can not receive
one. That's why it's blind. The general idea is to insert some data,
e.g. commands into telnet session or HTTP request into established TCP
connection. Usually, you have only one packet to insert, because, after
connection is spoofed, sequence number go out of order and hijacked side
will reply with RST (unless you can blindly guess both sequence numbers
and predict the moment another side will sent some data with accuracy of
approximately 100ms. In this case both sides can consider extra packet
as a duplicate and ignore it).
So, generally, 1. there is no reason to spoof both connections. 2. it's
only possible if sequence number is 100% (or close to 100%) predictable.
--Friday, October 26, 2007, 1:14:23 AM, you wrote to 3APA3A@SECURITY.NNOV.RU:
VKve> On Fri, 26 Oct 2007 00:43:10 +0400, 3APA3A said:
Randomized ISN doesn't protect against MitM.
VKve> Doing a MitM is basically just spoofing two connections at the
VKve> same time. If you know how to do one, you know how to do two. And
VKve> if you know how to do one of them *blind*, it vastly increases
VKve> your options (as you only need to be able to see the traffic in
VKve> one direction rather than both).
--
~/ZARAZA http://securityvulns.com/
Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его
прочитать. (Твен)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
