In running some tests, I've found a system that is vulnerable to
Nessus' teso_telnet.nasl attack. But when I told the admins about
it, they said that because it was protected by a router and
only certain addresses could connect to it, it was not as big
a problem as I was claiming.

My manager suggested that I try to spoof the address of one of the
machines that is allowed to connect to this system. So I've been
trying to edit teso_telnet.nasl into an attack that uses forged
packets with a particular source address.

My problem is that I'm not sure that this attack is possible with
forged addresses. The 3-way handshake can't complete, can it?
Basically, I'm fairly confused. Can I perform this attack with
a spoofed address? Anyone want to offer up a clue?

Thanks.
Benny