Posted by Willem Bogaerts on 01/22/08 13:10
>>> Not the way TCP/IP works. You can send up to 7 packets before an ACK is
>>> required by the sender. This is all done by the transport layer, and
>>> the web server has no idea what's going on.
>>
>> Stupid question maybe, but can such a signal be sent anyway or does it
>> require some part of the question it answers to? If it can be sent
>> anyway and be recognized as valid, you would still be able to send data
>> and have the returns sent to the wrong destination.
>>
>> As you have guessed, I did not study the TCP/IP protocol.
>>
>
> If you send a SYN packet - a request to open, it will be answered.
>
> If you send an ESTABLISHED packet, if it's not part of a recognized
> established session it will be junked. Unless it's some new TCP/IP
> software that is more full of bugs than Jerry's head.

What I mean is, could you send a stream of packages (even if a lot of
them are junked), such that some of them will always respond to the
server? I don't know how many possibilities or how much time this would
take, but I am just trying to see if the anonymous injection attack
mentioned earlier could work.

Instead of:
> Client --- Host
> SYN -->
> <-- SYN+ACK
> ACK -->

Would it be possible to do:
Client --- Host
SYN -->
(pause)
ACK -->

In other words, a "brute force ACKing"?

Just curious,
--
Willem Bogaerts
Application smith
Kratz B.V.
http://www.kratz.nl/
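
An added example, not part of the original post: a toy Python model of the check the quoted reply describes, where the listener accepts the final ACK only if it acknowledges the 32-bit initial sequence number (ISN) it sent in the SYN+ACK. The class and function names, the addresses, the "junked" strings and the assumption that the ISN is chosen uniformly at random are all assumptions of this sketch, not any particular TCP stack.

```python
import secrets

SEQ_SPACE = 2**32  # TCP sequence numbers are 32-bit

class Listener:
    """Toy half-open (SYN_RCVD) table; all addresses used are constructed."""

    def __init__(self):
        self.half_open = {}    # (src_ip, src_port) -> (client_isn, server_isn)
        self.established = set()

    def on_syn(self, src, client_isn):
        # The SYN+ACK, carrying the server's random ISN, is routed to `src`.
        server_isn = secrets.randbelow(SEQ_SPACE)
        self.half_open[src] = (client_isn, server_isn)
        return {"flags": "SYN+ACK", "seq": server_isn,
                "ack": (client_isn + 1) % SEQ_SPACE}

    def on_ack(self, src, seq, ack):
        # The final ACK is accepted only if it acknowledges server_isn + 1.
        state = self.half_open.get(src)
        if state is None:
            return "junked: no half-open session"
        client_isn, server_isn = state
        if (seq != (client_isn + 1) % SEQ_SPACE
                or ack != (server_isn + 1) % SEQ_SPACE):
            return "junked: bad sequence/ack number"
        del self.half_open[src]
        self.established.add(src)
        return "established"

def normal_handshake(listener, src=("192.0.2.10", 40000)):
    # The real client reads the server ISN from the SYN+ACK it receives.
    synack = listener.on_syn(src, client_isn=1000)
    return listener.on_ack(src, seq=1001, ack=(synack["seq"] + 1) % SEQ_SPACE)

def blind_ack(listener, guesses, src=("192.0.2.99", 40001)):
    """Sender never sees the SYN+ACK, so every ACK carries a guessed number.
    Returns (sessions opened, approximate chance that any guess matched)."""
    listener.on_syn(src, client_isn=1000)
    results = [listener.on_ack(src, seq=1001, ack=secrets.randbelow(SEQ_SPACE))
               for _ in range(guesses)]
    return results.count("established"), guesses / SEQ_SPACE

if __name__ == "__main__":
    srv = Listener()
    print(normal_handshake(srv))
    print(blind_ack(srv, guesses=10_000))
```

In this model a sender who never receives the SYN+ACK has a 1 in 2^32 chance per ACK, and every miss is a rejected segment that the host can count and alert on.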