IP Spoofing

This option checks whether TCP sequence numbers are predictable. If they are, an intruder can send forged packets that appear to come from trusted machines and compromise services such as rsh and rlogin, whose authentication is based on IP addresses. The percentage guessed is the likelihood that an intruder could predict the sequence and compromise the system.

Risk: Medium

Fix: Ask your vendor for patches to correct TCP sequence prediction.
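
An added example, not code from the scanner or from this page: one way to estimate a "percentage guessed" figure from a series of initial sequence numbers (ISNs) already collected from a host you administer. The scoring rule, the tolerance value and both sample series are assumptions made for illustration.

```python
import random

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def circular_distance(a, b):
    """Shortest distance between two sequence numbers on the 32-bit ring."""
    d = (a - b) % MOD
    return min(d, MOD - d)


def percent_guessed(isns, tolerance=1024):
    """Percentage of ISNs that 'last ISN + last increment' predicts.

    A prediction counts as a hit when it lands within `tolerance` of the
    ISN the host actually chose (assumed scoring rule, not the scanner's).
    """
    if len(isns) < 3:
        raise ValueError("need at least three samples to test a prediction")
    hits = 0
    trials = 0
    for i in range(2, len(isns)):
        last_delta = (isns[i - 1] - isns[i - 2]) % MOD
        predicted = (isns[i - 1] + last_delta) % MOD
        trials += 1
        if circular_distance(predicted, isns[i]) <= tolerance:
            hits += 1
    return 100.0 * hits / trials


def constructed_samples():
    """Constructed ISN series; neither is captured from a real host."""
    rng = random.Random(1995)
    # Fixed step per connection, started near the wrap point to exercise it.
    fixed_step = [(MOD - 200_000 + 64_000 * n) % MOD for n in range(32)]
    # Independently random ISNs, as a randomizing stack would produce.
    randomized = [rng.randrange(MOD) for _ in range(32)]
    return fixed_step, randomized


if __name__ == "__main__":
    fixed_step, randomized = constructed_samples()
    print("fixed step: %.1f%% guessed" % percent_guessed(fixed_step))
    print("randomized: %.1f%% guessed" % percent_guessed(randomized))
```

A host whose score stays high after patching is still choosing ISNs by a fixed rule, so the address-based trust used by rsh and rlogin remains exposed.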

Using Rsh

This vulnerability allows an intruder masquerading as a user from a trusted host to execute a command remotely through the rsh service.

Risk: High

Fix: Turn off rshd and other services that authenticate based on IP address. Install patches from your vendor that correct TCP sequence prediction.

Using Rlogin

This vulnerability allows an intruder masquerading as a user from a trusted host to execute a command remotely through the rlogin service.

Risk: High

Fix: Turn off rlogin and other services that authenticate based on IP address. Install patches from your vendor that correct TCP sequence prediction.

Advisories: CA-95:01.IP.spoofing

HP-UX Patches: HP-UX 9.0x: Patch hp-ux_patches/s700/9.X/PHNE_5361 adds the ability to randomize TCP sequence numbers. HP-UX 10.x: uses nettune to select the sequence number approach. See HP-UX Patches.