> I read SOMEWHERE in the last few days that there is a flaw in all
> 2.2.x and 2.3.x kernel code tcp stack including 2.2.12 allowing something
> like session hijacking or a similar attack yet have seen no discussion or
> patches for it here. Have I been misinformed or is it just quietly being
> worked on? Thanks
>
> meridian
This is just some more diatribe. Once a connection is established, all
Ethernet TCP/IP implimentations (even W$) communicate (see ARP)
hardware-to-hardware. A hijacker would have to take your ethernet
controller out of your box and used it to hijack your communications.
But.... many ethernet controllers, in violation of their original
license to use an assigned MAC address, allow the MAC address to be
set in software. This means that, in principle, it is possible for
any machine on your LAN to completely and transparently pretend that
it is you. There is no way that any TCP/IP stack anywhere can defend
against this because the emulation is perfect.
Look at recent Ethernet driver code. You will note that the MAC address
is simply stored somewhere and software has to take it and put it
into the Ethernet header. This is not the problem however, recent
controllers allow software to set the MAC address it will receive.
This means that you can send/receive with a MAC address of anything you
want including the Payroll Computer that has already established a
connection and is writing checks.
Cheers,
Dick Johnson
**** FILE SYSTEM WAS MODIFIED ****
Penguin : Linux version 2.3.13 on an i686 machine (400.59 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/