Juggernaut requires eavesdropping; this one doesn't.
--Steve Bellovin, http://www.research.att.com/~smb
>
> Hi
>
> Is there anything actually new in this exploit compared to the known TCP
>hijacking vulnerabilities as portrayed say in Phrack 50(Juggernaut) ?Juggernaut requires eavesdropping; this one doesn't.
No eavesdropping at all ? how can a TCP connection be hijacked if you're
not on the connection path?
(Or capable of diverting the connection past you -
breaking routers/source_routing/<whatever>.... )
--Steve Bellovin, error
Thanks
Rafi