From the course: Threat Modeling: Spoofing In Depth

What you know in host spoofing

- One of the things many network protocols have in common is that they're authenticated by a simple form of what you know. Sequence numbers and other parts of the protocol are used to both assemble and authenticate packets. If I'm on the path, spoofing is obviously easy. It's natural to think that I have to be on the path to see what's happening, but it turns out that, because networking is complicated, many elements of network protocols are predictable. DNS clients used the source port number and a DNS query ID to authenticate a DNS response. Each of those is a measly 16 bits, and it's visible to anyone who can see network traffic. That small size makes DNS vulnerable to brute force attacks. Historically, you didn't need a brute force attack because everything was predictable. TCP sequence numbers were predictable because they didn't use strong randomness. Now, modern systems from major vendors are much better about using high-quality pseudo-randomness for these values, but that's…
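
The check the transcript describes, sketched from the defender's side as an added example (it is not part of the course material): a response is accepted only when it matches the outstanding query's port and 16-bit query ID, and a run of near-miss responses for one name is flagged as a likely guessing attempt. The field names, threshold and sample traffic are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample data: one outstanding query, keyed by the name asked for.
PENDING = {"example.test": {"port": 40211, "txid": 0x1A2B}}

# Constructed responses: four wrong query IDs, one correct, one unsolicited name.
RESPONSES = [{"qname": "example.test", "dport": 40211, "txid": t}
             for t in (0x0001, 0x0002, 0x0003, 0x0004, 0x1A2B)]
RESPONSES.append({"qname": "other.test", "dport": 40211, "txid": 0x1A2B})


def matches(pending, resp):
    """Accept only if name, destination port and query ID all match."""
    q = pending.get(resp["qname"])
    return (q is not None
            and resp["dport"] == q["port"]
            and resp["txid"] == q["txid"])


def triage(pending, responses, threshold=3):
    """Return (accepted responses, names with >= threshold mismatches)."""
    accepted, mismatches = [], Counter()
    for r in responses:
        if matches(pending, r):
            accepted.append(r)
        elif r["qname"] in pending:
            # Right name, wrong port or ID: the "what you know" check failed.
            mismatches[r["qname"]] += 1
        # Responses for names never asked about are dropped silently.
    suspicious = sorted(n for n, c in mismatches.items() if c >= threshold)
    return accepted, suspicious


def guess_space(port_randomized):
    """Values an off-path sender must cover: 16 bits of ID, plus 16 of port."""
    return 2 ** (32 if port_randomized else 16)


if __name__ == "__main__":
    ok, flagged = triage(PENDING, RESPONSES)
    print(f"accepted={len(ok)} flagged={flagged}")
    print(f"fixed port: {guess_space(False)} guesses; "
          f"random port: {guess_space(True)}")
```
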
