Re: Evil Hackers, Spoofing, and PortIDs


  • Subject: Re: Evil Hackers, Spoofing, and PortIDs
  • From: Joshua Graessley <email@hidden>
  • Date: Sun, 17 Nov 2002 23:00:12 -0800

If by "socket ID" you mean the new socket you get when you call accept, it can't be remotely spoofed. When you are listening on TCP and you call accept to receive an incoming connection, another socket is created, which leads to another file descriptor. This is used for further communications. Any traffic matching the source and destination addresses and ports in the original three-way TCP handshake will be received on that TCP socket.

If someone runs a kernel extension locally on Mac OS X, there is nothing to prevent them from injecting data in the socket buffer to make it look like it came off the wire.

What exactly are you trying to achieve? Even after you've called accept, it is possible for someone to generate network traffic that will look like it's coming from the remote side by spoofing the source address and port, and getting the sequence and ack numbers correct. That data will end up in the socket you created by calling accept.

-josh

On Sunday, November 17, 2002, at 07:47 AM, Chilton Webb wrote:

(I'm referring to the stereotypical media-hyped 'Hacker' here, not the old-skewl meaning...)

I am designing the networking code for an online game. My limited knowledge of TCP reveals that any inbound data (origin IP address, etc.) can be spoofed. But once said data hits my machine, the new inbound socket connection is given a SocketID. Can that SocketID be spoofed? I can't see how, but before I rely on that (in addition to other security precautions), I'd kinda like to know.

Thanks,
-Chilton
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.
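
The accept() behaviour described in the reply above, as an added example that is not part of the original thread: two loopback clients connect to one listener, each accept() returns a distinct local descriptor, and the kernel delivers each client's bytes to the socket whose peer address and port match. The function names, the loopback listener and the one-byte payloads are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect to the loopback listener; port_be is already in network byte order. */
static int connect_client(in_port_t port_be) {
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_port = port_be;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int c = socket(AF_INET, SOCK_STREAM, 0);
    if (c < 0 || connect(c, (struct sockaddr *)&a, sizeof a) < 0) return -1;
    return c;
}

/* Returns 0 when every accepted socket is a new descriptor and receives only
   the bytes of the client whose source port equals its peer port. */
int accept_demux_demo(void) {
    struct sockaddr_in la = {0}, peer, self;
    socklen_t n = sizeof la;
    int c[2], s[2], rc = 0;
    la.sin_family = AF_INET;                      /* port 0: kernel picks one */
    la.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int l = socket(AF_INET, SOCK_STREAM, 0);
    if (l < 0 || bind(l, (struct sockaddr *)&la, sizeof la) < 0) return -1;
    if (listen(l, 2) < 0 || getsockname(l, (struct sockaddr *)&la, &n) < 0) return -1;
    for (int i = 0; i < 2; i++) {
        if ((c[i] = connect_client(la.sin_port)) < 0) return -1;
        if ((s[i] = accept(l, NULL, NULL)) < 0) return -1;
    }
    /* The descriptor is local kernel state; it never appears on the wire. */
    if (s[0] == s[1] || s[0] == l || s[1] == l) rc = 1;
    if (write(c[0], "A", 1) != 1 || write(c[1], "B", 1) != 1) return -1;
    for (int i = 0; i < 2; i++) {
        char b = 0;
        n = sizeof peer; getpeername(s[i], (struct sockaddr *)&peer, &n);
        n = sizeof self; getsockname(c[i], (struct sockaddr *)&self, &n);
        if (peer.sin_port != self.sin_port) rc = 2;   /* 4-tuple picks the socket */
        if (read(s[i], &b, 1) != 1 || b != "AB"[i]) rc = 3;
        close(s[i]); close(c[i]);
    }
    close(l);
    return rc;
}

int main(void) {
    printf("accept_demux_demo: %d\n", accept_demux_demo());
    return 0;
}
```

The only thing tying a segment to an accepted socket is its addresses and ports, which is why the reply treats the descriptor as unspoofable but the data arriving on it as something the application still has to authenticate.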

References: 
 >Evil Hackers, Spoofing, and PortIDs (From: Chilton Webb <email@hidden>)
