* * * * *

                            New net-based attack?

In looking closer at the forged TCP packets I'm getting, I'm wondering if
this is some very subtle attack going on.

The sequence I'm seeing is a TCP packet from the forged address with the
FINISH flag set. My system then tries to respond to the packet (why? It's not
a valid connection to begin with) but the data it sends back contains garbage
from previous IP packets, not necessarily just other TCP packets.

Now, could it be that somewhere along the path some host's NIC is in
promiscuous mode and can read the packets, and with a long enough sample of
data, might be able to determine information from the partial garbage packets
sent back? For instance, I'm seeing my system send back garbage packets with
part of my SNMP community string.


Email author at [email protected]
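Added example, not part of the original post: a small Python checker that runs over a constructed packet sequence and flags the symptom described above, a FIN/RST reply that carries payload bytes repeating data from an earlier packet (here an SNMP-like datagram holding a community string). The packet builders, addresses and sample datagram are all constructed for illustration.

```python
import struct

TH_FIN, TH_RST, TH_ACK = 0x01, 0x04, 0x10

def build_ipv4(src, dst, proto, l4):
    """Minimal IPv4 header (checksum left zero) around an L4 segment. Constructed helper."""
    ip = lambda a: bytes(map(int, a.split(".")))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, ip(src), ip(dst))
    return hdr + l4

def build_tcp(sport, dport, flags, payload=b""):
    """20-byte TCP header (seq/ack/checksum zero) plus payload. Constructed helper."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload

def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def parse(pkt):
    """Return (proto, tcp_flags, payload) for an IPv4 packet carrying TCP or UDP."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, l4 = pkt[9], pkt[ihl:]
    if proto == 6:                       # TCP: data offset in upper nibble of byte 12
        return proto, l4[13], l4[(l4[12] >> 4) * 4:]
    if proto == 17:                      # UDP: fixed 8-byte header
        return proto, 0, l4[8:]
    return proto, 0, l4

def shares_run(a, b, n):
    """True if some n-byte run of a also occurs somewhere in b."""
    return any(a[k:k + n] in b for k in range(len(a) - n + 1))

def find_leaky_replies(packets, min_overlap=4):
    """Flag TCP segments with FIN or RST set whose payload repeats at least
    min_overlap consecutive bytes from any earlier packet's payload (any protocol).
    Returns [(index_of_reply, [indexes_of_earlier_packets_it_echoes])]."""
    hits, seen = [], []
    for i, pkt in enumerate(packets):
        proto, flags, payload = parse(pkt)
        if proto == 6 and flags & (TH_FIN | TH_RST) and payload:
            echoed = [j for j, prev in seen if shares_run(payload, prev, min_overlap)]
            if echoed:
                hits.append((i, echoed))
        if payload:
            seen.append((i, payload))
    return hits

# Constructed sample: an SNMP-like datagram with community "public", a forged FIN
# to a closed port, then the host's RST/ACK whose trailing bytes echo stale buffer data.
SAMPLE = [
    build_ipv4("10.0.0.5", "10.0.0.9", 17, build_udp(161, 2048, b"\x30\x0c\x02\x01\x00\x04\x06public\xa0")),
    build_ipv4("192.0.2.77", "10.0.0.9", 6, build_tcp(1234, 113, TH_FIN)),
    build_ipv4("10.0.0.9", "192.0.2.77", 6, build_tcp(113, 1234, TH_RST | TH_ACK, b"\x04\x06public\xa0\x00")),
]
```

Running `find_leaky_replies(SAMPLE)` reports the third packet as echoing the first; a reply with an empty payload is never flagged, so a normal RST to a stray FIN stays silent.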