|
|
|
|
|
|
by __d
1370 days ago
|
|
|
The network stack matches TCP/IP packets to sessions using the 5-tuple of source and destination IP and port number plus the protocol number. It doesn't (and can't) care how such a packet actually gets to the receiver. So by spoofing the source address, it's trivial to send packets to your target host. However, to have them actually accepted, the sequence numbers need to be right (or right enough) to slot that packet into the ongoing stream. But ... packets with bad sequence numbers don't break a connection, they're just assumed to be retransmissions of something that already arrived (if the number is low) or an indication that a bunch of packets were lost (if high). This is a little complicated by the fact that the session is bi-directional, but not too much. So, especially if you're able to monitor the packets of the session, it's fairly simple to hijack it by sending sequence numbers a bit ahead of the legitimate sender, causing its packets to be discarded as duplicates, and yours to be accepted. |
|
|