> -----Original Message-----
> From: owner-freebsd-security freebsd.org
> [mailto:owner-freebsd-securityfreebsd.org] On Behalf Of
Uwe Doering
> Sent: Tuesday, August 22, 2006 4:09 AM
> To: freebsd-securityFreeBSD.ORG
> Subject: Re: SSH scans vs connection ratelimiting
>
> that someone could fake a complete exchange like this
from the remote
> via a TCP connection while using source IP address
spoofing. My
> understanding so far is that source IP address spoofing
from
> the remote
> works only with connectionless protocols like UDP and
ICMP,
> or TCP SYN
> packets as a special case. Please correct me if I'm
wrong.
You are more or less correct.
For all practical purposes, spoofing a three way tcp
connection is
impossible.
(for all practical purposes)
There is man in the middle attacks, routing hijacking, and
possibly tcp
connection id spoofing, but if you are using a modern os
that does not
suffer from connecting id guessing, its so hard to do that
that only
someone specifically trying to break into your network, who
has the
ability to sniff your traffic, might even have a ghost of a
chance of
doing this.
(and if you already have the *keys from known_hosts, ssh
will complain
about it if it even gets that far)
--
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real
time
security alerts: http://www.secnap.com/news
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|