[NTLUG:Discuss] How does this happen?
Bug Hunter
bughuntr at one.ctelcom.net
Thu Sep 30 09:28:08 CDT 1999
if an attacker munges the beginning of an ip packet, he can make the ip
packet appear to come from anywhere. The attacker is assuming some
information will be spit back, and will be sending subsequent packets with
this assumed information.
Linux has this taken care of in most cases. Hopefully, your
/etc/hosts.deny file has this line in it:
ALL: ALL
and you only allow certain hosts in /etc/hosts.allow.
bug
On Wed, 29 Sep 1999, Kelly Scroggins wrote:
> I found this in my /var/log/secure file today. I've never seen this
> type of entry before.
>
> Anyone know how an attacker can make this happen?
>
> Sep 29 04:34:41 c55493-a in.telnetd[6471]: refused connect from unknown
> Sep 29 04:34:41 c55493-a in.telnetd[6472]: warning: can't get client
> address: Connection reset by
> peer
> Sep 29 04:34:41 c55493-a in.telnetd[6472]: refused connect from unknown
> Sep 29 04:34:41 c55493-a in.telnetd[6473]: warning: can't get client
> address: Connection reset by
> peer
>
> Thanks,
> kelly
>
More information about the Discuss
mailing list