Annotation of embedaddon/hping2/docs/MORE-FUN-WITH-IPID, revision 1.1

Posted to bugtraq mailing list (20 Nov 1999):

---
Hi,

some little new ideas about the IP ID issue:

The first is about linux firewalling: since it increases the IP ID global counter
even if an outgoing packet will be filtered, we are able, for example, to
scan UDP ports even if ICMP type 3 output is DENY, and in general it is possible
to know when the TCP/IP stack replies to a packet even if the reply is dropped.
I think (but have not tested) that this is true for almost all firewalls.

The second issue concerns the ability to uncover firewall rules. For example
it is trivial to know if host A filters packets from the IP X.Y.Z.W by monitoring
the IP ID increasing of host A or of the host with the X.Y.Z.W address (this changes if we are
interested to know input or output rules) and sending packets that suppose
some reply. Also this is related to the ability to scan the ports of hosts
that drop all packets with a source different than host.trusted.com.
There is other stuff like this but it is only different faces of the
same concepts.

Some people think that this kind of attack isn't a "real world" attack;
I'm strongly interested to know what bugtraq readers' opinion is (IMO this
kind of attack is feasible and useful for an attacker. For example the
ability to scan ports with only spoofed packets and the ability to
guess remote hosts' traffic are very real).

ciao,
antirez
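The inference in the post depends on the target using one shared, monotonically increasing IP ID counter. The following Python is an added example (not part of hping2 or the post) for auditing your own hosts: given IP ID values observed in replies to a series of probes, it classifies the generation scheme and, for a shared counter, reports how many packets the host emitted between probes that the prober never saw, which is exactly the side channel described above. The sample sequences are constructed for illustration.

```python
"""Classify an observed IP ID sequence to see whether a host exposes a
predictable shared counter. Added example; function names are ours."""

def ipid_deltas(ids):
    """Differences between consecutive 16-bit IP IDs, modulo 2**16,
    so a wrap from 65535 to 0 counts as a step of 1."""
    return [(b - a) % 0x10000 for a, b in zip(ids, ids[1:])]

def classify_ipid(ids, busy_threshold=1000):
    """Label the IP ID generation scheme suggested by `ids`.

    'constant'          all IDs identical (e.g. ID 0 on DF packets)
    'incremental'       small positive steps: one shared counter, so every
                        packet the host sends is visible to any party that
                        can elicit a reply, even when the firewall drops
                        the reply itself after the ID was assigned
    'incremental-busy'  still monotonic but with large steps: shared counter
                        on a host that also sends a lot of other traffic
    'random'            steps scattered, including apparent "backwards" moves
    """
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    d = ipid_deltas(ids)
    if all(x == 0 for x in d):
        return "constant"
    if all(0 < x <= busy_threshold for x in d):
        return "incremental"
    if all(0 < x < 0x8000 for x in d):
        return "incremental-busy"
    return "random"

def hidden_packets(ids):
    """For an 'incremental' host: packets sent between our probes beyond the
    one reply per probe we received. A value > 0 is the signal that reveals
    a reply (or other traffic) the prober never saw."""
    return [x - 1 for x in ipid_deltas(ids)]

# Constructed sample sequences (not captured from any real host).
SAMPLES = {
    "shared_counter": [100, 101, 102, 103],
    "shared_counter_wrap": [65534, 65535, 0, 1],
    "busy_shared_counter": [10, 3010, 6010, 9010],
    "randomised": [3000, 49000, 12, 60000],
    "zero_id": [0, 0, 0, 0],
    "dropped_reply_between_probes": [100, 101, 103, 104],
}

if __name__ == "__main__":
    for name, seq in SAMPLES.items():
        print(f"{name:32s} {classify_ipid(seq):18s} hidden={hidden_packets(seq)}")
```

A host that classifies as `incremental` on this check is the one worth moving to per-destination or randomised IP ID generation; the dropped-reply sample shows how a single extra increment between two probes stands out.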

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>