On Tue, May 27, 2003 at 06:23:10PM -0500, Andrés Roldán wrote:
> Hi.
>
> I was reading about certain kinds of attacks on TCP sequence numbers and I was
> wondering whether iptables is vulnerable to these attacks. Specifically,
> whether iptables is capable of knowing if a RELATED or ESTABLISHED package is
> sent with a sequence number prediction attack and whether iptables is capable
> of knowing if the IP address has been spoofed by these means.

I think you're talking about severing connections or inserting data in them by predicting sequence numbers.

The short answer is, nothing can. The problem is that there is no way to verify the source address and these are really valid packets.

You do have options:

1. Use IPsec

This *will* verify the source cryptographically, but it is a pain to set up/maintain and has its own issues.

2. Use the grSecurity Patch

This will prevent prediction unless someone is snooping on the connection (it prevents *blind* spoof attacks) by randomizing the source numbers. There appears to be enough stuff in here that using it would be a good, paranoid approach. You still have to build a kernel, but it's less work than IPsec (but *READ* the features before turning them on, otherwise your system may not boot).

Is that all on this? List?

Jayson

P.S. I speak a little Spanish, in case you can't understand my reply.
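The two points in the reply (a stateful filter has nothing to check beyond whether a segment's sequence number fits the connection's window, and randomizing initial sequence numbers is what defeats a *blind* guess) can be shown with a small simulation. The following is an added illustration written for this page, not code from the thread, from iptables/conntrack, or from grsecurity; it models a generic window-acceptance check (conntrack's real window tracking is more elaborate) with a constructed 65535-byte window, an old-style fixed-step ISN generator, and a uniformly random ISN generator as the two cases being compared.

```python
"""Why a stateful packet filter cannot tell an in-window spoofed segment
from a real one, and how ISN randomization changes the odds of a blind
guess. Added illustration; window size, step and seed are constructed."""
import random

SEQ_SPACE = 1 << 32
WINDOW = 65535          # constructed receive window, in bytes


def in_window(seq, rcv_nxt, window=WINDOW):
    """Acceptance test a TCP stack (and a firewall tracking the
    connection's state) applies: the sequence number must fall in
    [rcv_nxt, rcv_nxt + window) modulo 2^32.  Nothing here examines who
    really sent the packet, which is why the filter has no way to reject
    a correctly guessed, spoofed segment."""
    return (seq - rcv_nxt) % SEQ_SPACE < window


def incrementing_isn(prev_isn, step=64000):
    """Old-style generator: each new connection's ISN is a fixed step
    past the previous one (constructed step value)."""
    return (prev_isn + step) % SEQ_SPACE


def random_isn(rng):
    """Per-connection ISN drawn uniformly from the 32-bit space, which is
    what a randomizing kernel patch aims for."""
    return rng.getrandbits(32)


def theoretical_blind_odds(window=WINDOW):
    """Chance that one uniformly wrong guess still lands in the window."""
    return window / SEQ_SPACE


def blind_guess_success(next_isn, trials, rng, reference_isn=0x12345678):
    """Fraction of trials in which a guesser who knows only a reference
    ISN (observed on an earlier, legitimate connection) and cannot see
    the victim's traffic guesses a sequence number inside the window of
    the next connection.  The guesser assumes the incrementing scheme;
    `next_isn(prev, rng)` is the generator actually in use."""
    hits = 0
    for _ in range(trials):
        actual = next_isn(reference_isn, rng)
        guess = incrementing_isn(reference_isn)
        if in_window(guess, actual):
            hits += 1
    return hits / trials


def compare(trials=20000, seed=1):
    """Run both generators with a seeded RNG so results are repeatable."""
    rng = random.Random(seed)
    return {
        "incrementing": blind_guess_success(
            lambda prev, _rng: incrementing_isn(prev), trials, rng),
        "random": blind_guess_success(
            lambda _prev, r: random_isn(r), trials, rng),
        "theoretical_random": theoretical_blind_odds(),
    }


if __name__ == "__main__":
    for name, rate in compare().items():
        print(f"{name:20s} {rate:.6f}")
```

With the incrementing generator every blind guess is accepted (rate 1.0); with the random generator the measured rate sits near the theoretical 65535 / 2^32, about 1.5e-5. The acceptance test itself is the same in both runs, which is the reply's point: the firewall's check is on sequence-number plausibility, not on the sender's identity, so the protection has to come from making the number unguessable (or from IPsec, which authenticates the source instead).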