|
Posted by Jerry Stuckle on 01/22/08 13:29
Willem Bogaerts wrote:
>>>> Not the way TCP/IP works. You can send up to 7 packets before an ACK is
>>>> required by the sender. This is all done by the transport layer, and
>>>> the web server has no idea what's going on.
>>> Stupid question maybe, but can such a signal be sent anyway or does it
>>> require some part of the question it answers to? If it can be sent
>>> anyway and be recognized as valid, you would still be able to send data
>>> and have the returns sent to the wrong destination.
>>>
>>> As you have guessed, I did not study the TCP/IP protocol.
>>>
>> If you send a SYN packet - a a request to open, it will be answered.
>>
>> If you send an ESTABLISHED packet, if its not part of a recognized
>> established session it will be junked. Unless its some new TCP/IP
>> software that is more full of bugs than Jerries head..
>
> What I mean is, could you send a stream of packages (even if a lot of
> them are junked), such that some of them will always respond to the
> server? I don't know how many possibilities or how much time this would
> take, but I am just trying to see if the anonymous injection attack
> mentioned earlier could work.
>
> Instead of:
>> Client --- Host
>> SYN -->
>> <-- SYN+ACK
>> ACK -->
> Would it be possible to do:
> Client --- Host
> SYN -->
> (pause)
> ACK -->
> Inother words, a "brute force ACKing"?
>
> Just curious,
That's one way to do it, although not necessarily the most efficient.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
[Back to original message]
|