Re: FCIP iFCP encapsulation proposal

> I can envision a case where the user embeds a sequence of several
> well-formed PDUs in such a payload to handle the case where
> resynchronization requires the detection of more than one good
> encapsulation.

Precisely. In fact, in fact, I just realized (once again), that I'm an idiot---the chance of user getting control with a repeating set of valid PDUs is actually MUCH higher than 1 in # of words in the PDU.

If the TCP segment begins with the start of a PDU, the user will not get control. If the TCP segment begins at any other point, the scan will proceed (failing to resynch) until it reaches the beginning of one of the user's spoofing PDUs, at which point resynching will succeed (erroneously), and the user will have control, at least until the end of the current, actual PDU.

In other words, the chances are remote that a stream of PDU patterns in the user data WON'T cause resynchronization to occur erroneously.

As to why would this happen---to watch it burn. Why not? Script Kiddies abound. Personally, if I were a 12 year old, hacking on my school's shared 11/34 running RSTS/e, I'd blindly stumble around trying different SYS(xxx) calls too.

Steph
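
An added example, not part of the original message or of the FCIP/iFCP drafts: a simulation of the scan-based resynchronization failure described above, including the quoted case where more than one good encapsulation is required. The frame layout (marker, length, CRC-32) and the names `encode`, `frame_end`, `resync` and `false_resyncs` are assumptions made for illustration.

```python
import struct, zlib

# Hypothetical framing (an assumption, not the FCIP/iFCP draft format):
# 2-byte marker, 2-byte payload length, CRC-32 of the payload, then payload.
MAGIC = b"\xfc\x1f"
HDR = struct.Struct(">2sHI")

def encode(payload):
    return HDR.pack(MAGIC, len(payload), zlib.crc32(payload)) + payload

def frame_end(stream, i):
    """Offset just past a well-formed frame starting at i, or None."""
    if i + HDR.size > len(stream):
        return None
    magic, length, crc = HDR.unpack_from(stream, i)
    end = i + HDR.size + length
    if magic != MAGIC or end > len(stream):
        return None
    return end if zlib.crc32(stream[i + HDR.size:end]) == crc else None

def resync(stream, start, need=1):
    """Scan forward from start; accept the first offset that begins
    `need` back-to-back well-formed frames."""
    for i in range(start, len(stream)):
        pos, good = i, 0
        while good < need and pos is not None:
            pos = frame_end(stream, pos)
            good += pos is not None
        if good == need:
            return i
    return None

def false_resyncs(user_data, need=1):
    """For every byte offset at which a TCP segment could begin inside one
    real PDU, count how often the scan locks onto a non-boundary offset."""
    real = encode(user_data)
    stream = real * (need + 1)          # enough real PDUs to satisfy `need`
    wrong = 0
    for start in range(len(real)):
        hit = resync(stream, start, need)
        wrong += hit is None or hit % len(real) != 0
    return wrong, len(real)

# Constructed inputs: benign filler vs. user data made of 4 well-formed PDUs.
benign = b"x" * 64
spoof = encode(b"spoofed!") * 4

if __name__ == "__main__":
    for need in (1, 3):
        print(need, false_resyncs(benign, need), false_resyncs(spoof, need))
```

With these constructed inputs, benign filler never misleads the scan, while the payload of embedded PDUs captures it from 56 of the 72 possible starting offsets, whether one or three consecutive good frames are required.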
Last updated: Tue Sep 04 01:05:22 2001