Not to my knowledge...

The folks at Guardent are talking to CERT and to various vendors about
the problem before releasing any details.

    --Steve Bellovin, http://www.research.att.com/~smb

so WSJ is considered a vendor these days?

Hi

Is there anything actually new in this exploit compared to the known TCP
hijacking vulnerabilities as portrayed, say, in Phrack 50 (Juggernaut)?

Thanks
  Rafi

[also posted to Bugtraq separately]

>Any details? Any incidents using the exploit guardent has
>identified?

The 50,000-foot view:
There is a further vulnerability in TCP/IP if you can determine the Initial
Sequence Number without actually starting a connection. By exploiting your
knowledge of the remote host, a telephone modem user can cause web servers to
become massive Denial of Service agents, targeting arbitrary targets. Lots
of consumer editions of Windows come with easily guessable sequence numbers.

I actually tried this and it works, but because I was busy with another
project (see .sig), I neglected to share it with the world. However, as
Guardent says, it is pretty hard to actually do this. Once the exploit is
out, it becomes far easier. It took me 2 days of non-stop coding to get it to
work.

I'm not sure if this is what Guardent means, but I suspect it is.

In more detail:
A regular HTTP TCP/IP session looks (modulo some details; read Stevens'
TCP/IP Illustrated for a full explanation) like this:

Browser computer Server Computer